Tag: remote code execution

All the articles with the tag "remote code execution".

[CVE-2025-48827] vBulletin’s Reflection Mix-up Lets Anyone Reach Protected API Methods

27 May, 2025

When vBulletin runs on PHP 8.1 or later, a change in the Reflection API breaks the application’s access controls. Unauthenticated attackers can call protected controller methods, a primitive that has already been chained to remote code execution in the wild.
[CVE-2025-32433] Erlang/OTP SSH Authentication Bypass Gives Attackers a Direct Shell

17 Apr, 2025

A logic error in Erlang/OTP's SSH server lets anyone run remote commands before authentication finishes. Because many networking appliances embed Erlang, the blast radius spans far beyond developer machines.

[CVE-2025-48827] vBulletin’s Reflection Mix-up Lets Anyone Reach Protected API Methods