HTB > CVE Explained

We deep dive into CVE-2024-27198, also known as the JetBrains TeamCity Multiple Authentication Bypass.

An in-depth look at CVE-2021-41772: a path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49.

CVE-2022-29464 is a critical vulnerability that affected several web service integration products running on many sites.

An in-depth look at Openfire CVEs (CVE-2024-25420 & CVE-2024-25421): featuring two improper access control issues affecting the application.

An in-depth look at CVE-2022-0492: a container escape vulnerability that does not require a specific authorization capability to be granted to be exploited.

CVE-2023-34362 is a significant vulnerability that could enable unauthenticated attackers to manipulate a business's database through SQL injection.

Follina is a Microsoft Office vulnerability where the document uses the Word remote template feature to retrieve an HTML file from a remote web server, which in turn uses the ms-msdt MSProto

A quick overview of the recently discovered vulnerability. Learn how you can practice exploiting (and defending against) the local privilege escalation attack on the HTB platform!

CVE-2022-26923 is an Active Directory domain privilege escalation vulnerability that enables a privileged user to access the Domain Controller by abusing Active Directory Certificate Service

Approximately 25,227 CVEs were submitted in 2022. Our data looks at 99 of the most popular CVEs—based on the number of global searches each CVE generated.

Spring4Shell (CVE-2022-22965) is a remote code execution vulnerability in Spring Framework named after the critical Log4Shell bug disclosed in 2021.