Alexander V. Leonov

About SQL Injection – Django (CVE-2025-64459) vulnerability. Django is a free and open-source high-level Python web framework. The vulnerability allows attackers to manipulate database query logic by injecting internal query parameters (_connector and _negated) when applications pass user-controlled input directly into filter(), exclude(), or get() calls. Exploiting this SQL injection may lead to unauthorized access […]

November Linux Patch Wednesday. In November, Linux vendors began fixing 516 vulnerabilities, one and a half times fewer than in October. Of these, 232 are in the Linux Kernel. One vulnerability is exploited in the wild: 🔻 MemCor – Chromium (CVE-2025-13223). Added to CISA KEV on November 19. For 64 more vulnerabilities, public or suspected […]

November “In the Trend of VM” (#21): vulnerabilities in Windows, SharePoint, Redis, XWiki, Zimbra Collaboration, and Linux. The usual monthly roundup. After several months, here’s a big one. 🔥 🗞 Post on Habr (rus)🗞 Post on SecurityLab (rus)🗒 Digest on the PT website (rus) A total of nine vulnerabilities: 🔻 RCE – Windows Server Update […]

November Microsoft Patch Tuesday. A total of 65 vulnerabilities. I’m not comparing this with the October report because I’ve decided to cover only MSPT-day vulnerabilities. The thing is, Microsoft has started massively adding Linux-product vulnerabilities to their official website, and these clutter the “extended” MSPT reports. 🤷‍♂️ There is one vulnerability with evidence of in-the-wild […]

About Remote Code Execution – Microsoft SharePoint “ToolShell” (CVE-2025-49704) vulnerability. This vulnerability is from the Microsoft’s July Patch Tuesday. SharePoint is a web application developed by Microsoft for corporate intranet portals, document management, and collaborative work. Deserialization of untrusted data in the DataSetSurrogateSelector class leads to remote code execution in the context of the SharePoint […]

About Elevation of Privilege – Windows Remote Access Connection Manager (CVE-2025-59230) vulnerability. A vulnerability from the October Microsoft Patch Tuesday. The Windows Remote Access Connection Manager (RasMan) service is a core Windows component that manages dial-up and Virtual Private Network (VPN) connections, ensuring secure communication between a computer and remote networks. An access control flaw […]

About Remote Code Execution – Windows LNK File (CVE-2025-9491) vulnerability. A vulnerability in the Microsoft Windows shortcut (.LNK) handling mechanism allows malicious command-line arguments to be hidden in the Target field using whitespace characters, making them invisible to standard tools. Opening such an LNK file may lead to arbitrary code execution. 🔻 Peter Girnus, an […]

About Remote Code Execution – XWiki Platform (CVE-2025-24893) vulnerability. XWiki is a free and open-source wiki platform written in Java, with a strong focus on extensibility. It supports WYSIWYG visual editing, importing and exporting documents in OpenDocument format, adding annotations and tags, as well as flexible access rights management. The vulnerability allows an attacker with […]

About Elevation of Privilege – Linux Kernel (CVE-2025-38001) vulnerability. It affects the Linux HFSC network scheduler module. An authenticated attacker can exploit this flaw to gain root privileges. ⚙️ This vulnerability is from the June Linux Patch Wednesday. In the Vulristics report, it was no different from 354 other Linux Kernel vulnerabilities: the NVD provides […]

About Remote Code Execution – Redis “RediShell” (CVE-2025-49844) vulnerability. Redis is a popular in-memory key–value database, used as a distributed cache and message broker, with optional durability. This vulnerability allows a remote authenticated attacker to execute arbitrary code via a specially crafted Lua script. The requirement for authentication does not reduce its severity, because authentication […]