Recent CVEs
CVE-2023-29447
An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication.
CVE-2023-29446
An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline.
CVE-2023-29445
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM.
CVE-2023-29444
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution.