appsec.fyi · Sources

resecurity.com

6 curated AppSec resources from resecurity.com across 4 topics on appsec.fyi.

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-11.

| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-04-11 | 2026 · ServiceNow RCE Exploitation Campaign · SSTI | Writeup detailing a global reconnaissance campaign exploiting ServiceNow vulnerabilities CVE-2024-4879 and CVE-2024-5217. The campaign leveraged chained title injection, template injection bypass, and filesystem filter bypass to achieve unauthenticated remote code execution. Attackers utilized tools like Nuclei and search engines such as FOFA, Shodan, and HUNTER.NOW for reconnaissance and exploitation, aiming to exfiltrate database contents and user credentials from vulnerable instances across various industries, including financial services. |
| 2026-04-10 | 2026 · Blind SSRF to RCE Vulnerability Exploitation · SSRF | Writeup demonstrating blind SSRF to RCE exploitation, detailing how an attacker can leverage a blind Server-Side Request Forgery vulnerability. This technique involves port scanning using the Gopher protocol to identify open services like Redis (TCP 6379) and then employing the Gopherus tool to generate payloads. These payloads can target various services such as MySQL, FastCGI, Memcached, Redis, Zabbix, and SMTP, ultimately allowing for the planting of a reverse shell and achieving Remote Code Execution. |
| 2026-04-10 | 2026 · SSRF to AWS Metadata Exposure: How Attackers Steal Cloud Credentials · SSRF | Writeup on Server-Side Request Forgery (SSRF) to AWS metadata exposure, detailing how attackers exploit unvalidated user input to access the EC2 Instance Metadata Service (IMDS) at 169.254.169.254. The article demonstrates the technique of traversing the metadata hierarchy to extract temporary IAM role credentials, leading to potential cloud credential theft, internal network scanning, and unauthorized access to AWS services. Mitigation strategies include enabling IMDSv2, enforcing strict URL validation, and restricting network access. |
| 2026-04-10 | 2026 · React2Shell Explained: From Vulnerability Discovery to Exploitation · RCE | Library for understanding CVE-2025-55182, the React2Shell vulnerability. This exploit targets React Server Components' React Flight protocol by abusing unsafe deserialization of client-controlled payloads. Successful exploitation allows unauthenticated attackers to achieve remote code execution (RCE) on vulnerable servers, impacting applications built with React 19.0.0-19.2.0 and Next.js App Router versions 16.0.0-16.0.6. The analysis details how attackers manipulate prototype chains and the Function constructor to inject malicious code. |
| 2026-04-10 | 2026 · CVE-2025-68613: RCE via Expression Injection in n8n · RCE | Writeup of CVE-2025-68613, a critical RCE vulnerability in n8n's expression evaluation engine. This flaw allows authenticated users to inject malicious JavaScript expressions, escaping the sandbox to execute arbitrary code on the server with n8n process privileges. Exploitation enables attackers to run OS commands, steal secrets, modify files, and gain full server control, impacting over 100,000 instances globally. The vulnerability affects versions from 0.211.0 up to 1.120.3 and early 1.122.x releases, with fixes available in versions 1.120.4, 1.121.1, and 1.122.0+. |
| 2026-04-10 | 2026 · CVE-2026-25769: Wazuh Critical RCE via Unsafe Deserialization · Deser | Writeup on CVE-2026-25769, a critical RCE vulnerability in Wazuh versions 4.0.0 through 4.14.2. The issue stems from unsafe JSON deserialization within the cluster communication mechanism, allowing an attacker controlling a worker node to import arbitrary Python modules and execute commands on the master node with full cluster compromise. This flaw exploits CWE-502 by treating untrusted input as executable code, bypassing validation and relying on an overly permissive trust model between worker and master nodes. |