Crowdfense

The following vulnerabilities have been added to our feed: - 0DAY-2026-2: Microsoft Buffer Over-read DoS - 0DAY-2026-3: Microsoft Unvalidated Pointer Deref. LPE - CVE-2026-21385: Qualcomm GPU Signed Integer Extension LPE To discover more about it, visit crowdfense.com/n-day-feed/

We appreciate @crowdfense's continued support to Offensivecon as a Silver Sponsor!

@crowdfense x @NDAYSecurity Our N-Day Vulnerability Feed now powers NDAY's continuous exploitability platform & AttackBench AI agent - giving defenders the same weaponised intel APTs use in the wild. crowdfense.com/crowdfense-n-d…

The following weaponized vulnerabilities have been added to our n-day feed: - CVE-2025-61882: Oracle EBS - RCE - CVE-2026-24423: SmarterMail - RCE - CVE-2026-20941: Host Process - LPE - 0DAY-2026-0001: Visual Studio - Info Disclosure crowdfense.com/n-day-feed/

The following vulnerabilities have been added to our feed: - CVE-2025-49113: Roundcube PHP Object Deserialization RCE - CVE-2025-52691: SmarterMail Arbitrary File Upload RCE - CVE-2026-23760: SmarterMail Authentication Bypass RCE crowdfense.com/n-day-feed/

The following vulnerabilities have been added to our feed: - CVE-2025-64446: Fortinet Fortiweb Command Injection RCE - CVE-2025-62221: Microsoft Cloud Files Mini Filter Driver UAF LPE - CVE-2025-26666: Windows Media Heap-based Buffer Overflow DoS crowdfense.com/n-day-feed/

VULNCON 2026 is guided by an enhanced Review Panel, providing strategic oversight and maintaining technical rigor to ensure continued relevance within the evolving cybersecurity landscape. Monnappa KA - Principal Security Researcher David Campbell - Head of AI Security @Scale AI Adhokshaj Mishra - Staff Detection Engineer @SentinelOne Amol Naik - Head of Information Security @HugoHub Shubham Mittal - CEO & Co-Founder @RedHunt Labs Muslim Koser - Advisor @KAS Cybersecurity Vandana Verma - Security Relations Leader @Synk Paolo Stagno - Director of Research @Crowdfense Tomer Bar - Security Researcher 📅 12th & 13th June, 2026 📍 NIMHANS Convention Centre, Bengaluru #VULNCON2026 #Vulncon #Cybersecurity #CybersecurityLeadership #InfoSecCommunity #SecurityResearch #CyberConference

The following vulnerabilities have been added to our feed: CVE-2025-53136: NT OS KASLR Bypass CVE-2025-30397: Internet Explorer/Edge Chakra Engine RCE CVE-2025-59287: Windows Server Update RCE CVE-2025-24893: XWiki Groovy Injection RCE crowdfense.com/n-day-feed/

[#Zer0Con2026] 🗓️ CFP closes in "30 days" 🌕 CFP: ~ Feb 22, 2026 No hesitation. Only execution ;)

The following vulnerabilities have been added to our feed: CVE-2024-51324: Baidu Antivirus PPL CVE-2025-25257: FortiWeb SQL Injection and Command Injection CVE-2025-8088: WinRAR Directory Traversal ZDI-CAN-26372: Windows Theme File Parsing NTLM Leak crowdfense.com/n-day-feed/

Plot twist: today’s blog is NOT about vulns. We took a short break from breaking things and decided to build something instead. If you're curious about running powerful LLMs locally without selling your kidney for a GPU, here you go: crowdfense.com/home-made-llm-…

pagedout.institute ← Call for articles & art for issue #8 of this technical IT zine is open! As usual, we accept 1-page articles about everything interesting in IT and related fields (be it programming, cybersec, AI, demoscene, retro, electronics, etc).

The following vulnerabilities have been added to our feed: - CVE-2025-33053: Microsoft Windows Internet Shortcut Files RCE - CVE-2025-25257: Fortinet FortiWeb RCE - CVE-2025-50154: Microsoft Windows File Explorer NTLM Leak crowdfense.com/n-day-feed/

We just released a new batch of mobile and other high-value vulnerability bounties on our VRH platform. Targets include iOS, Android, and more. Now's the time to jump in! Register or log in to VRH and explore the opportunities: vrh.crowdfense.com

We’ve seen a bunch of new faces lately. Welcome! 👋 If you want real-time updates and stay in the loop, make sure you're following our Telegram channel and you are registered to our VRH platform: t.me/crowdfense vrh.crowdfense.com

Bidding farewell to one of the last Windows kernel address leaks, CVE-2025-53136 (KASLR bypass). Sometimes, even patches can open new doors for exploitation. crowdfense.com/nt-os-kernel-i…

Thanks to everyone who engaged with our latest blog post; we’re blown away by its reception! This Thursday, we’ll be diving into a CVE that burned a particularly interesting primitive. 👀

Technical deep-dive into CVE-2025-53149, a heap-based buffer overflow in the Windows Kernel Streaming WOW Thunk Service driver (ksthunk.sys). crowdfense.com/cve-2025-53149…

[#POC2025] Registration is NOW OPEN! Early Bird: Sept 1 – Sept 30 Standard: Oct 1 – Oct 30 CFP is still OPEN — We’re already seeing 🔥 talks coming in Got something bold, brilliant, or badass? Submit yours before → Sept 30 📢1st Speaker Line-up drops this week🙏 🌐 powerofcommunity.net

It's going to be a hot summer. 🔥 We’ve got two blog posts in the pipeline, one with a great primitive we’re excited to drop. Just waiting on MSRC approval + CVE assignment before publishing. Stay tuned...