RCE Security
@rcesecurity.com
Your deep-diving External Attack Surface Management solution made in Germany. We cover your entire asset base. Yes, this includes your mobile apps! https://www.rcesecurity.com
rcesecurity.com
Another day, another Remote Code Execution (and its 3 friends).

Pre-auth path traversal, hard-coded crypto key allowing cookie forgery, arbitrary file write, and PII disclosure in TRUfusion Enterprise (CVE-2025-27222 to CVE-2025-27225) #security

www.rcesecurity.com/2025/09/when...
When Audits Fail: Four Critical Pre-Auth Vulnerabilities in TRUfusion Enterprise | RCE Security
rcesecurity.com
We've just updated our latest blog post about CVE-2025-47812 to include another disclosure that went a little under the radar but could be used to leak a user's password: CVE-2025-27889.

#security #BugBounty

www.rcesecurity.com/2025/06/what...
What the NULL?! Wing FTP Server RCE (CVE-2025-47812) | RCE Security
rcesecurity.com
During a customer pentest, we went from anonymous Read-Only FTP access to full root-level remote code execution by abusing a string parsing discrepancy in Wing FTP's username handling.

#security #BugBounty

www.rcesecurity.com/2025/06/what...
What the NULL?! Wing FTP Server RCE (CVE-2025-47812) | RCE Security
rcesecurity.com
Here's a short write-up about CVE-2023-6542, a #security vulnerability affecting the SAP Emarsys SDK for Android, allowing attackers to leak sensitive data from an app's private data directory and also load remote contents into an app overlay.

www.rcesecurity.com/2025/04/sap-...
SAP Emarsys SDK for Android Sensitive Data Leak (CVE-2023-6542) | RCE Security