PoC Released for Notepad++ Privilege Escalation Vulnerability (CVE-2025-49144)

Notepad++ is vulnerable to a privilege escalation vulnerability that may allow unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. Tracked as CVE-2025-49144, the vulnerability exposes millions of users worldwide to complete system compromise. There is proof-of-concept now publicly available.

Invision Community Remote Code Execution Vulnerability (CVE-2025-47916)

A critical remote code execution vulnerability (CVE-2025-47916) in the Invision Community has come to light. The vulnerability may allow attackers to execute arbitrary code on the target system. The vulnerability puts countless forums and online communities at serious risk because of the popularity of the Invision Community.

ManageEngine Desktop Central unauthenticated remote code execution vulnerability (CVE-2020-10189)

Summary: A zero-day vulnerability has been disclosed in the IT help desk ManageEngine software made by Zoho Corp. The serious vulnerability enables an unauthenticated, remote attacker to launch attacks on affected systems. Description: Zoho ManageEngine Desktop Central faces An untrusted deserialization vulnerability. The vulnerability stems from an improper input validation in the FileStorage class. This … Continue reading “ManageEngine Desktop Central unauthenticated remote code execution vulnerability (CVE-2020-10189)”

Microsoft IIS 6.0 ScStoragePathFromUrl Buffer Overflow Zero Day Vulnerability

Four days ago, a potent proof-of-concept code exploiting an end-of-life software, the Microsoft Internet Information Services 6.0 was released. At this point of time – 4 days after the well publicized release of the PoC, the internet still has 607,134 publicly facing web servers! Of these, 286,068 servers are located in the United States. The March … Continue reading “Microsoft IIS 6.0 ScStoragePathFromUrl Buffer Overflow Zero Day Vulnerability”

NTPD read_mru_list() DoS Layman Analysis

Background: NTP stands for Network Time Protocol, which is a UDP based protocol designed to synchronize clocks of devices over a network with Coordinated Universal Time (UTC). In it’s fourth version, it is one of the oldest networking protocols. NTP.org implemented this as a daemon. Many vendors use this implementation in their products. In it’s … Continue reading “NTPD read_mru_list() DoS Layman Analysis”