DC3 VDP

Feb 2026: @DeptofDefense #DIBVDP identified a critical vuln affecting web apps using template engines. Improper input sanitization in server-side templates can allow arbitrary command execution. Learn more in the #Knowledgebyte

FEB 2026 @DeptofDefense Vulnerability Disclosure Program #VDP @Hacker0x01 #Hackers reported a critical vulnerability identifying remnant database files that could be used to reconstruct sensitive data. Read all about it in the #Knowledgebyte

Huge congratulations to linkedin.com/in/marcus-jans… for being named Researcher of the Month. Jansson is being recognized for finding a way to achieve privilege escalation on the target website via use of an exposed email verification token. 🔥📷 Well deserved! #CyberSecurity #VDP

Shoutout 2 @kaanmert9 4 uncovering an SSTI vulnerability on /contact-us/ where user input could trigger arbitrary code execution. Exploits like this can lead 2 server takeover, data theft/lateral movement. Great catch protecting the ecosystem! #DIBVDP #CyberSecurity #InfoSec

JAN 2026, @DeptofDefense #DIBVDP – uncovered an authentication bypass vulnerability that could let attackers gain unauthorized access and escalate privileges. Critical reminder of the importance of robust access controls. Read all about it in the #Knowledgebyte

JAN 2026 @DeptofDefense Vulnerability Disclosure Program #VDP @Hacker0x01 #Hackers reported a critical severity submission for a permission issue that would allow for the retrieval of unauthorized files with a known file identifier. Read all about it in the #Knowledgebyte

Milestone unlocked! The DIB Vulnerability Disclosure Program has surpassed 1,000 valid vulnerability submissions; huge win 4 crowdsourced cybersecurity/a major step in protecting our national security infrastructure. Massive thanx 2 the talented researchers who made it possible!

Shoutout to @kaenne__ for identifying a dangerous auth bypass vector. Real world impact here is massive — from compromised user sessions to full application abuse if left unpatched. Research like this keeps the ecosystem resilient. #DIBVDP #CyberSecurity #Infosec #WebSecurity

Big shoutout 2 @ItsKenshin04 4 snagging Researcher of the Month with the DoD Vulnerability Disclosure Program! @ItsKenshin04 found an IDOR vulnerability allowing them 2 view/download vast quantities of sensitive PII, i.e. finance related details in connection 2 military personnel

DEC 2025 @DeptofDefense #DIBVDP observed industry reporting on React2Shell-critical remote code execution vulnerability impacting applications using React Server Components. The vulnerability stems from improper validation/handling of server-side component requests.#Knowledgebyte

DEC 2025 @DeptofDefense Vulnerability Disclosure Program #VDP @Hacker0x01 #Hackers reported multiple critical vulnerabilities identifying CVE-2025-55182, a remote code execution vulnerability within React Server Components. Read all about it in the #Knowledgebyte

Huge congratulations 2 @wgujjer11 4 being named Researcher of the Month. @wgujjer11 is being recognized 4 finding a Remote Code Execution vulnerability related 2 React Server which could have led 2 remote execution of system commands on the target server. Well deserved! #VDP

NOV 2025 @DeptofDefense #DIBVDP received a high‑severity report of an authentication bypass vulnerability where attackers manipulated HTTP responses 2 convert a 403 Forbidden into a 200 OK This flaw allowed unauthorized access 2 protected resources without valid credentials

NOV 2025 @DeptofDefense Vulnerability Disclosure Program #VDP @Hackers0x01 #Hackers identified multiple systems that were vulnerable to CVE-2025-64095, an unauthorized file upload capability within DNN. Read all about it in the #Knowledgebyte

Big thanks to @wgujjer11 for responsibly disclosing CVE-2025-64095 in DotNetNuke. This flaw could allow account takeover, data exposure or portal defacement, creating real business and reputation risk if unpatched. #DIBVDP #CyberSecurity #Infosec #WebSecurity

Huge congratulations 2 @0xr2rx 4 being named Researcher of the Month. @0xr2rx is being recognized 4 finding a file upload vulnerability, DNN (DotNetNuke), which could have led to arbitrary, unrestricted/unauthorized uploads of any files to the target server Well deserved! #VDP

OCT 2025 @DeptofDefense #DIBVDP received a critical report of a remote-code-execution vulnerability CVE-2025-20333 in Cisco Secure Firewall ASA/FTD devices where authenticated attackers could exploit the VPN web interface to gain root on the device risking full network compromise

OCT 2025 @DeptofDefense Vulnerability Disclosure Program #VDP @Hacker0x01 #Hackers reported several critical severity submissions identifying a heap overflow attack within Cisco ASA devices that could result in remote code execution. Read all about it in the #Knowledgebyte.

Big thanks 2 @Alfred05 4 reporting a Reflected XSS vulnerability through our #DIBVDP program! This type of flaw allows attackers 2 inject malicious scripts steal session data or perform unauthorized actions on behalf of users #CyberSecurity #InfoSec #WebSecurity #EthicalHacking

Huge congratulations to @yaser_s for being named Researcher of the Month. @yaser_s is being recognized for finding an authentication bypass and buffer overflow vulnerability on Cisco ASA, which could have led to RCE on affected devices. 🐞🕸 Well deserved! #CyberSecurity #VDP