Critical RCE vulnerability in F5 BIG-IP [CVE-2022-26352]
An unauthenticated remote code execution vulnerability in the iControl REST component of BIG-IP, tracked as CVE-2022-1388.
Critical RCE in dotCMS Content Management Software
A pre-auth RCE vulnerability was found in dotCMS, exploitable through a directory traversal attack during file upload. It allows an attacker to execute server-level commands on the underlying system.
AWS Lambda Command Injection
The attack exploits a command injection vulnerability in Lambda functions to steal the AWS keys and then access AWS resources using the stolen keys of the IAM role.
PwnKit: Local Privilege Escalation Vulnerability
A deep dive into a vulnerability and exploit that uses the insecure "pkexec" program, which allows a local user to get root access on the vulnerable system.