Feed
Discussions

RCE

RCE

#rce

6 followers·22 articles

RCE

#rce·6 followers·22 articles

RCE

Changelog

New steps component and improved accessibility on Hashnode's blog and docs product.

Nov 05, 2024·

new

Trending Articles

StonFi's Multi-Chain Integration: Pioneering Web3 Innovation

Wissy Akanekpo·85 reads

Dmail vs. Other Web3 Email Solutions: Which One Rules the Decentralized Inbox?

Ekemini David ·30 reads

Dmail's Roadmap: The Future of Secure & Decentralized Email

Ekemini David ·28 reads

Top commenters this week

Writing Challenges

#2Articles1Week Challenge

Become better at technical writing; accept Hashnode's writing challenge for four weeks.

#2Articles1Week Challenge

#WomenWhoTech

Share your story, achievements, or experiences as a woman, non-binary folk in tech or as a #WomenWhoTech ally!

#WomenWhoTech

Self Starter

Publish your first article on Hashnode and become a self starter!

Self Starter

Serial Blogger

Publish an article every day for 7 days and earn a cool serial blogger badge!

Serial Blogger

Talk of the town

Write a story that drives amazing engagement on Hashnode and become the talk of the town!

Talk of the town

Word Warrior

Write an in-depth article on your Hashnode blog that's more than 2000 words and become a word warrior!

Word Warrior

Favourite Jome

Subhendu Kumar Jena

Subhendu Kumar Jena

Shreyash Shukla

Shreyash Shukla

SRIHARI KATTA

Shreyas Patil

Dheelep

dheelep-cybersec.hashnode.dev·Mar 27, 2025

Mar 27, 2025

CISA Warns of Sitecore RCE Flaws; Active Exploits Target Next.js and DrayTek Devices

Overview The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added two long-standing security vulnerabilities affecting Sitecore CMS and Experience Platform (XP) to its Known Exploited Vulnerabilities (KEV) catalog due to co...

CISA Warns of Sitecore RCE Flaws; Active Exploits Target Next.js and DrayTek Devices

FPT Metrodata Indonesia

FPT Metrodata Indonesia

news.fmisec.com·Mar 26, 2025

Mar 26, 2025

Remote Code Execution (RCE) vulnerability impacting Apache Tomcat under active exploitation (CVE-2025-24813)

Summary Cyble's Security Update Advisory provides a synopsis of the latest vulnerability patches released by various vendors. This advisory covers a recently disclosed vulnerability in Apache Tomcat that is being actively exploited in the wild, merel...

Remote Code Execution (RCE) vulnerability impacting Apache Tomcat under active exploitation (CVE-2025-24813)

Discuss·1 read

Tran Hoang Phong

Tran Hoang Phong

blog.fiscybersec.com·Mar 07, 2025

Mar 07, 2025

Remote Code Execution Vulnerability in Kibana Urgently Patched by Elastic

A critical security vulnerability has been discovered in Kibana, a popular data visualization platform for Elasticsearch. This vulnerability, tracked as CVE-2025-25012, stems from a prototype pollution issue. It could allow hackers to execute malicio...

Remote Code Execution Vulnerability in Kibana Urgently Patched by Elastic

Discuss·4 reads

Newsletters-eng

Tran Hoang Phong

Tran Hoang Phong

blog.fiscybersec.com·Mar 07, 2025

Mar 07, 2025

Lỗ hổng thực thi mã từ xa trong Kibana được Elastic khắc phục khẩn cấp

Một lỗ hổng bảo mật nghiêm trọng đã được phát hiện trong Kibana – một nền tảng trực quan hóa dữ liệu phổ biến dành cho Elasticsearch. Lỗ hổng này, được theo dõi với mã CVE-2025-25012, xuất phát từ vấn đề ô nhiễm nguyên mẫu (prototype pollution). Điều...

Lỗ hổng thực thi mã từ xa trong Kibana được Elastic khắc phục khẩn cấp

Discuss·11 reads

Tran Hoang Phong

Tran Hoang Phong

blog.fiscybersec.com·Feb 21, 2025

Feb 21, 2025

Exploiting VSCode Remote Tunnels for Remote Code Execution on Victim's Machine

What are Remote Tunnels? Concept of Remote Tunnels Remote Tunnels is a feature integrated into Microsoft VSCode. This feature allows users to connect to remote machines, such as desktops or virtual machines (VMs), through a tunnel. Users can connect ...

Exploiting VSCode Remote Tunnels for Remote Code Execution on Victim's Machine

Discuss·14 reads

Newsletters-eng

Tran Hoang Phong

Tran Hoang Phong

blog.fiscybersec.com·Jan 24, 2025

Jan 24, 2025

Lạm dụng VSCode Remote Tunnels để thực hiện Remote Code Execution trên máy nạn nhân

Remote Tunnels là gì? Khái niệm Remote Tunnels Remote Tunnels là một tính năng được tích hợp trong Microsoft VSCode. Tính năng này cho phép người dùng kết nối với máy từ xa, như máy tính để bàn hoặc máy ảo (VM), thông qua tunnel. Người dùng có thể kế...

Lạm dụng VSCode Remote Tunnels để thực hiện Remote Code Execution trên máy nạn nhân

Discuss·26 reads

vscode extensions

Repl

n2l.team·Jan 06, 2025

Jan 06, 2025

Chrome Driver Exploitation with Headache - Final Web Challenge Writeup | CyberSentrix

At the end of 2024, my team and I, Cybersentrix, organized a CTF event aimed at high school students. This event featured two rounds: Qualifiers and Finals. In the Qualifiers, I contributed seven challenges spanning various categories: • 2 Web Challe...

Chrome Driver Exploitation with Headache - Final Web Challenge Writeup | CyberSentrix

Discuss·81 reads

Hitesh Patra

blogs.hiteshpatra.in·Dec 17, 2024

Dec 17, 2024

CVE-2024-53677 - Apache Struts File Upload Vulnerability leading to RCE

Apache has announced a critical vulnerability affecting Apache Struts, a widely used Java-based web application framework by various organizations, including government agencies, e-commerce platforms, financial institutions, and airlines. Apache publ...

CVE-2024-53677 - Apache Struts File Upload Vulnerability leading to RCE

Discuss·1 like·301 reads

Voorivex

blog.voorivex.team·Nov 19, 2024

Nov 19, 2024

From an Android Hook to RCE: $5000 Bounty

Hello, today I want to share a research-based story about how I reverse-engineered a famous Android application called MyIrancell. I managed to achieve RCE, reported it to the vendor, and earned a bounty. A few days ago, I received permission from th...

From an Android Hook to RCE: $5000 Bounty

Discuss·15 likes·9496 reads

Le Quoc Cuong

nospaceavailable.hashnode.dev·Nov 02, 2024

Nov 02, 2024

Gadget Inspector – a tool to find Java gadget chains for exploitation

Tại hội nghị Black Hat 2018, Ian Haken (JackOfMostTrades) đã giới thiệu một tool cho phép automation việc tìm gadget chain trong các thư viện hoặc classpath mà một Java application sử dụng. Trong blog này thì mình sẽ đi tìm hiểu cách hoạt động của to...

Gadget Inspector – a tool to find Java gadget chains for exploitation

Discuss·69 reads