HTTPVoid

🚨 CVE-2026-1731 🚨 Our team discovered a critical pre-auth RCE affecting BeyondTrust Remote Support & Privileged Remote Access. SaaS/Cloud instances have been patched. If you're running self-hosted deployments, apply the patches immediately. More info in the comments.

My research on CVE-2025-49113 is out. fearsoff.org/research/round…. Happy reading! #CVE #roundcube #poc @FearsOff

CVE-2025-49113 is a fascinating PHP Object injection in Roundcube webmail, a really nice find by the original finder. #roundcube #cve-2025-49113 #rce

New from us! Testing a Rails + Nginx app? This should be in your checklist. Read the blog to know how we disclosed Discourse database backups!

I just published a new blog post sharing an improved Deserialization Gadget Chain for Ruby! It builds on the work of others, including Leonardo Giovanni, Peter Stöckli @GHSecurityLab and @wcbowling nastystereo.com/security/ruby-…

Check out our latest blog post! We dive into GitHub Enterprise’s SAML implementation and explore an authentication bypass in encrypted assertion mode. CVE-2024-4985 / CVE-2024-9487: GitHub Enterprise SAML Authentication Bypass. projectdiscovery.io/blog/github-en…

Checkout our new blogpost! In this post we talk about SAML and the recent Ruby-SAML Auth bypass. CVE-2024-45409: Ruby-SAML Auth Bypass in GitLab blog.projectdiscovery.io/ruby-saml-gitl…

My colleague @hash_kitten and I discovered a full-read SSRF vulnerability in Next.js (CVE-2024-34351). We published our research today on @assetnote's blog: assetnote.io/resources/rese…. Thank you to the Vercel team for a smooth disclosure process.

Check out my write-up on a seemingly harmless and limited send() in GitHub (CVE-2024-0200) and how it could be used to obtain environment variables from a production container and to achieve remote code execution in GitHub Enterprise Server: starlabs.sg/blog/2024/04-s…

Enjoy our next blog post this time an SQL Injection on Apple’s Infra. Another win nets us a $25,000 bounty! 💻💰 #AppleSecurity #Research #bugbountytips #bugbounty blog.projectdiscovery.io/hacking-apple-…

Check out our new blog post! We hacked into Apple Travel Portal (yes, again!) using a 0-day Remote Code Execution exploit. Part 1 is live now, stay tuned for the follow-up on another RCE worth a total bounty of $40k! blog.projectdiscovery.io/hello-lucee-le…

As the PoC is almost out, we are now publishing our analysis.

@VietPetrus @iamnoooob @rootxharsh Nope, tested only on Confluence 8.5.3 and got the code execution working!

@httpvoid0x2f @iamnoooob @rootxharsh have you bypassed OgnlGuard?

Hello OgnlGuard/isSafeExpression, we meet again 🤝 🥲 Confluence OGNL Injection.

Reproduced the CVE-2023-46747 F5 Big-IP RCE via AJP smuggling. Props to @praetorianlabs for identifying this cool bug. @pdnuclei template dropping soon. Time to sleep😴 #f5-rce #CVE-2023-46747

Reproduced the AJP request Smuggling to access /tmui/* resources directly. Very interesting bug indeed, need to further look into post-exploitation. Until next time😴

@albinowax @nullcon Yay! See you there!

Just confirmed my race-condition live demo works just fine from Goa! I know logically that the technique means distance to the target has no effect... but it still surprises me every time. See you at 11:45 tomorrow @nullcon!

HTTP Request Splitting vulnerabilities exploitation offzone.moscow/upload/iblock/…

Here is the #exploit that targets the "VMWare Aria Operations for Networks" which has CVSS 9.8 and targets all the versions from 6.0 to 6.10 (CVE-2023-34039) 🔥 I just wrote the exploit, but the discovery credit is for @rootxharsh and @iamnoooob 👏 github.com/sinsinology/CV…

@LiveOverflow Just googled "literal_eval CTF" and landed here😂

Here is a little secret about how I audit code 🪄 I ask myself: "is ast.literal_eval() with untrusted data really safe?" Then I just google "ast.literal_eval CTF" and see if any writeups show up 🙃 Turns out, this code is 100% safe!!