Another great week! SAML&Node, C#&XML, GitLab!
The Doyensec team has released another episode of their series !exploitable, this time on CVE-2024-0402 impacting GitLab: !exploitable Episode Three - Devfile Adventures.
More SAML, this time impacting xml-crypto in the Node ecosystem: SAMLStorm: Critical Authentication Bypass in xml-crypto and Node.js libraries.
What happens when you mix Ruby on Rails and the Nginx internal directive? Find out in the latest blog post from the Project Discovery team: CVE-2024-53991 - Discourse Backup Disclosure: Rails send_file Quirk.
A great post from the WatchTowr team. By Executive Order, We Are Banning Blacklists - Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120).
The latest TMPOUT is out: TMP OUT #4.
Another great post by the WatchTowr team, just the right mix of XML and C# code review: Bypassing Authentication Like It’s The ‘90s - Pre-Auth RCE Chain(s) in Kentico Xperience CMS.