Assetnote

Our security research team discovered a pre-authentication arbitrary file read as root in cPanel (CVE-2026-29205) — a path traversal in cpdavd that we made exploitable by abusing Dovecot's + alias handling to create attacker-controlled directory names on disk. We've updated cpanel2shell-scanner to cover both issues. Writeup and tool in replies. 👇

Our team discovered a vulnerability in Salesforce Marketing Cloud that allowed us to leak PII of subscribers and emails sent through SFMC, without any auth. Assigned CVE-2026-22585, CVE-2026-22586, CVE-2026-22582, CVE-2026-22583, CVE-2026-2298. Read our writeup here: slcyber.io/research-cente…

We've released a high fidelity detection technique for CVE-2026-41940 (cPanel/WHM auth bypass). You can find the research post here: slcyber.io/research-cente… and the tool here: github.com/assetnote/cpan… All other scanners and detection mechanisms so far will lead to false negatives.

Our team reverse engineered the Magento PolyShell pre-auth RCE - actively exploited in the wild. No auth needed to land a PHP webshell. RCE depends on server config, but the file persists regardless. Props to @sansecio for the heads up. slcyber.io/research-cente… @SLCyberSec

Reverse engineering large enterprise apps means wading through hundreds of vendor dependencies. We got tired of it, so we built Hyoketsu to fix it - open source, with a pre-calculated 13GB NuGet + Maven hash database. GitHub: github.com/assetnote/hyok…: slcyber.io/research-cente…

Our security research team created a high fidelity check for the Next.js/RSC RCE (CVE-2025-55182 & CVE-2025-66478). Read more on our blog here: slcyber.io/research-cente…

Our Security Research team discovered a critical vulnerability in Oracle Identity Manager, that leads to RCE without authentication. A patch was released 30 days ago by Oracle (CVE-2025-61757), and we highly recommend applying it. Our research post here: slcyber.io/research-cente…

Our Security Researcher @softpoison_ published his first research post, reverse engineering CVE-2025-54236 (SessionReaper) - a critical unauthenticated RCE in Magento. From understanding @Blaklis_'s original discovery, we wrote up our analysis here: slcyber.io/assetnote-secu…

Our Security Research team presented on Finding Critical Vulnerabilities in Adobe Experience Manager at @BSidesCbr late last month. We’ve published our research detailing the internals of AEM and how we discovered seven CVEs ranging in criticality here: slcyber.io/assetnote-secu….

Earlier this year, our Security Research team discovered a high-risk secondary context path traversal issue in Omnissa Workspace One UEM (CVE-2025-25231). We also developed a chain to RCE on instances in the wild. You can read our detailed research here: slcyber.io/assetnote-secu…

The final research blog from @SLCyberSec's Christmas in July concerns three more critical vulnerabilities that our security researchers have uncovered in Adobe Experience Manager Forms: two paths to RCE and a pre-authentication XXE slcyber.io/assetnote-secu…

Our Security Research team at @SLCyberSec found four vulnerabilities in the quality management platform ETQ Reliance, including a critical Remote Command Execution: slcyber.io/assetnote-secu…

Sometimes, SQL injection is still possible, even when prepared statements are being used. Our researcher @hash_kitten has written up a blog post about a novel technique for SQL Injection in PDO’s prepared statements: slcyber.io/assetnote-secu…

Our Security Research team at @SLCyberSec discovered a pre-authentication RCE vulnerability in Sawtooth Lighthouse Studio (CVE-2025-34300). It affects all versions up to 9.16.14. Read more here: slcyber.io/assetnote-secu…

Continuing @SLCyber’s Christmas in July posts, our Security Research team discovered a pre-authentication NTLM hash disclosure vulnerability in DNN (formerly DotNetNuke), assigned CVE-2025-52488. Read more on our blog here: slcyber.io/assetnote-secu…

For our first Christmas in July research post: How we managed to get persistent XSS on every Adobe Experience Manager Cloud instance three times! slcyber.io/assetnote-secu…

We’re trying to buck the trend of critical vulnerabilities all landing at the end of the year, much to the despair of security professionals! This July, we’ll be publishing a series of vulnerabilities across the month. Stay tuned: slcyber.io/assetnote-secu…

Our team recently used a novel technique to increase the impact of what seemed to be only a blind SSRF. This novel technique involving HTTP redirect loops and incremental status codes led to full HTTP response leakage. Read more on @SLCyberSec blog here: slcyber.io/assetnote-secu…