socprime.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-05-22.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-05-22 | CVE-2026-9082: Critical Drupal Core SQLi Flaw [SQLi] | A critical SQL injection (SQLi) vulnerability, CVE-2026-9082, has been identified in Drupal Core. This flaw allows unauthenticated attackers to execute arbitrary SQL commands, potentially leading to severe data breaches or system compromise. The vulnerability is detailed in a security advisory. |
| 2026-05-14 | CVE-2026-42945: Critical NGINX Rewrite Flaw [RCE] | Writeup detailing CVE-2026-42945, an 18-year-old heap buffer overflow in NGINX's ngx_http_rewrite_module. This critical vulnerability, also known as NGINX Rift, affects NGINX Open Source (0.6.27-1.30.0) and NGINX Plus (R32-R36), enabling denial of service or potential remote code execution via crafted HTTP requests. Exploitation occurs when rewrite directives use unnamed PCRE captures with a replacement string containing a question mark, followed by specific other directives. Mitigation involves upgrading to patched versions or temporarily replacing unnamed captures with named ones. |
| 2026-04-19 | CVE-2025-14174: Apple WebKit Memory Corruption Zero-Day [Mobile] | Writeup on CVE-2025-14174, a WebKit memory corruption zero-day actively exploited in targeted attacks. This vulnerability, alongside CVE-2025-43529, impacts all Apple devices rendering web content, including Safari and iOS/iPadOS browsers, allowing for arbitrary code execution through malicious web pages. Google also patched a similar out-of-bounds memory access issue in ANGLE. Immediate OS and browser updates are critical mitigation measures, as these exploits highlight the growing risk of browser engine vulnerabilities. |
| 2026-04-10 | CVE-2025-25257: Critical SQLi in Fortinet FortiWeb [SQLi] | Library of detection rules and threat intelligence for CVE-2025-25257, a critical SQL injection vulnerability in Fortinet FortiWeb. This unauthenticated flaw, rated 9.6 CVSS, allows arbitrary SQL command execution and potential remote code execution via crafted HTTP/HTTPS requests. The library offers curated detection algorithms compatible with SIEM, EDR, and Data Lake formats, mapped to MITRE ATT&CK, and enriched with CTI, attack timelines, and triage recommendations. It also features Uncoder AI for automated IOC conversion and detection rule generation from threat reports. |
| 2025-12-11 | CVE-2025-10573: Ivanti EPM Unauth Stored XSS Fixed [XSS] | Writeup on CVE-2025-10573 details an unauthenticated stored cross-site scripting vulnerability in Ivanti Endpoint Manager (EPM). An attacker can inject malicious JavaScript via crafted POST requests to `postcgi.exe`, leading to session hijacking when displayed in the management console. The vulnerability, tracked as CVE-2025-10573 with a CVSS score of 9.6, is addressed by Ivanti EPM version 2024 SU4 SR1. The writeup includes an attack narrative and regression test script using `curl` to demonstrate the exploitation and expected SIEM alert generation. |