RCE Security
@rcesecurity.com
We continuously map, monitor, and test your external attack surface — just like a real attacker would.
Our friends @hashicorp.com released a new version of Consul fixing our reported Denial of Service vulnerabilities (CVE-2025-11374 and CVE-2025-11375).
See our official advisories for the details and remediation steps: www.rcesecurity.com/security-adv...
#security
See our official advisories for the details and remediation steps: www.rcesecurity.com/security-adv...
#security
Security Advisories | RCE Security
www.rcesecurity.com
November 2, 2025 at 3:40 PM
Our friends @hashicorp.com released a new version of Consul fixing our reported Denial of Service vulnerabilities (CVE-2025-11374 and CVE-2025-11375).
See our official advisories for the details and remediation steps: www.rcesecurity.com/security-adv...
#security
See our official advisories for the details and remediation steps: www.rcesecurity.com/security-adv...
#security
Another day, another Remote Code Execution (and its 3 friends).
Pre-auth path traversal, hard-coded crypto key allowing cookie forgery, arbitrary file write, and PII disclosure in TRUfusion Enterprise (CVE-2025-27222 to CVE-2025-27225) #security
www.rcesecurity.com/2025/09/when...
Pre-auth path traversal, hard-coded crypto key allowing cookie forgery, arbitrary file write, and PII disclosure in TRUfusion Enterprise (CVE-2025-27222 to CVE-2025-27225) #security
www.rcesecurity.com/2025/09/when...
When Audits Fail: Four Critical Pre-Auth Vulnerabilities in TRUfusion Enterprise | RCE Security
www.rcesecurity.com
September 30, 2025 at 3:43 PM
Another day, another Remote Code Execution (and its 3 friends).
Pre-auth path traversal, hard-coded crypto key allowing cookie forgery, arbitrary file write, and PII disclosure in TRUfusion Enterprise (CVE-2025-27222 to CVE-2025-27225) #security
www.rcesecurity.com/2025/09/when...
Pre-auth path traversal, hard-coded crypto key allowing cookie forgery, arbitrary file write, and PII disclosure in TRUfusion Enterprise (CVE-2025-27222 to CVE-2025-27225) #security
www.rcesecurity.com/2025/09/when...
We've just updated our latest blog post about CVE-2025-47812 to include another disclosure that went a little under the radar but could be used to leak a user's password: CVE-2025-27889.
#security #BugBounty
www.rcesecurity.com/2025/06/what...
#security #BugBounty
www.rcesecurity.com/2025/06/what...
What the NULL?! Wing FTP Server RCE (CVE-2025-47812) | RCE Security
www.rcesecurity.com
July 3, 2025 at 3:04 PM
We've just updated our latest blog post about CVE-2025-47812 to include another disclosure that went a little under the radar but could be used to leak a user's password: CVE-2025-27889.
#security #BugBounty
www.rcesecurity.com/2025/06/what...
#security #BugBounty
www.rcesecurity.com/2025/06/what...
During a customer pentest, we went from anonymous Read-Only FTP access to full root-level remote code execution by abusing a string parsing discrepancy in Wing FTP's username handling.
#security #BugBounty
www.rcesecurity.com/2025/06/what...
#security #BugBounty
www.rcesecurity.com/2025/06/what...
What the NULL?! Wing FTP Server RCE (CVE-2025-47812) | RCE Security
www.rcesecurity.com
June 30, 2025 at 7:31 PM
During a customer pentest, we went from anonymous Read-Only FTP access to full root-level remote code execution by abusing a string parsing discrepancy in Wing FTP's username handling.
#security #BugBounty
www.rcesecurity.com/2025/06/what...
#security #BugBounty
www.rcesecurity.com/2025/06/what...
Here's a short write-up about CVE-2023-6542 a #security vulnerability affecting the SAP Emarsys SDK for Android allowing attackers to leak sensitive data from an app's private data directory and also load remote contents into an app overlay.
www.rcesecurity.com/2025/04/sap-...
www.rcesecurity.com/2025/04/sap-...
SAP Emarsys SDK for Android Sensitive Data Leak (CVE-2023-6542) | RCE Security
www.rcesecurity.com
April 10, 2025 at 2:52 PM
Here's a short write-up about CVE-2023-6542 a #security vulnerability affecting the SAP Emarsys SDK for Android allowing attackers to leak sensitive data from an app's private data directory and also load remote contents into an app overlay.
www.rcesecurity.com/2025/04/sap-...
www.rcesecurity.com/2025/04/sap-...