Home Honeypots Advisories Threat Intel Twitter Logo@DTCERT About

Telekom Security

Home Honeypots Advisories Threat Intel Twitter Logo@DTCERT About

  • Pack2TheRoot (CVE-2026-41651): Cross-Distro Local Privilege Escalation Vulnerability

    22 Apr 2026 • Advisories

    Today we publicly disclose a high-severity vulnerability (CVSS 3.1: 8.8) - in coordination with distro maintainers - that affects multiple Linux distributions in their default installations. The Pack2TheRoot vulnerability can be exploited by any local unprivileged user to obtain root access on a vulnerable system.

    Continue Reading →

  • Mass exploitation of CVE-2026-1281 and CVE-2026-1340 in Ivanti EPMM

    03 Mar 2026 • Threatintel

    In early 2026, two critical zero-day vulnerabilities in Ivanti’s mobile device management platform - CVE-2026-1281 and CVE-2026-1340 - emerged as significant drivers of incident activity across multiple sectors. Both flaws, rated CVSS 9.8 (critical), allow unauthenticated remote code execution, enabling attackers to compromise Ivanti Endpoint Manager Mobile (EPMM) appliances and potentially pivot into broader enterprise environments.

    Continue Reading →

  • REDAXO Mediapool Reflected Cross-Site Scripting

    25 Nov 2025 • Advisories

    A reflected Cross-Site Scripting vulnerability (CVE-2025-66026) has been identified in the REDAXO Mediapool component. The issue allows arbitrary JavaScript execution in the backend when a user visits a specially crafted link while authenticated.

    Continue Reading →

  • Multiple vulnerabilities in Janitza UMG 96RM-E

    04 Nov 2025 • Advisories

    Several vulnerabilities were discovered during testing of a Janitza UMG 96RM-E device.

    Continue Reading →

  • Multiple vulnerabilities in Kanboard (Exploiting web applications Part II)

    03 Jun 2025 • Advisories • Writeup

    This article is a continuation of a write-up series, where we discuss web application vulnerabilities found during red team operations. This time, the target was the Kanboard software.

    Continue Reading →

  • Rasa (un)authenticated Remote Code Execution via remote model loading (CVE-2024-49375)

    01 Apr 2025 • Advisories • Writeup

    During an internal penetration test a product was checked which uses Rasa to build a conversational AI. A mixture of penetration testing and source code analysis led to the discovery of an (un)authenticated Remote Code Execution.

    Continue Reading →

  • Multiple critical vulnerabilities in SICK DL100-2xxxxxxx Products

    14 Mar 2025 • Advisories

    Several vulnerabilities were discovered during testing of a DL100 device.

    Continue Reading →

  • Remote code execution in LDAP Account manager through CVE-2024-23333 (Exploiting web applications Part I)

    14 Jan 2025 • Advisories • Writeup

    During red teaming engagements, the first step is to gain a foothold in the client’s network. That might happen through a phishing attempt, malicious payloads, physical access to the client’s site or an assumed breach. But what happens once you got access to the network?

    Continue Reading →

« 1 2 3 4 5 6 7 8 »
Imprint • Disclaimer • Privacy Policy