CVEs/Disclosures

CVEs/Publications

In no particular order, and likely incomplete...

"React2Shell" CVE-2025-55182/CVE-2025-66478 - Unauthenticated RCE in React Server Components

CVE-2023-35803 - Unauthenticated root RCE in Aerohive access points with buffer overflow (write up - https://research.aurainfosec.io/pentest/bee-yond-capacity/)

CVE-2021-21027 - GraphQL CSRF, allowing one-click attack for hackers to place eCommerce orders with victim's stored details https://helpx.adobe.com/security/products/magento/apsb21-08.html
(no CVE assigned, circa 2020) - XSS in Stripe Payment Plugin

CVE-2025-49591 - Multi-Factor Authentication bypass, via public key format confusion
CVE-2025-49590 - DOM XSS vector, via URI protocol confusion to circumvent javascript: filters

IWX-CVE-2022-8338 - Low-priv hosting customer to root privesc, via SUID binary in backup restoration https://appendix.interworx.com/current/security_reports/cve-8338.html
IWX-CVE-2022-8384 - Low-priv hosting customer root RCE, via command injection in tar backup command - https://appendix.interworx.com/current/security_reports/cve-8384.html
IWX-CVE-2022-8470 - Low-priv hosting customer to root privesc, via SUID binary that opened VI - https://appendix.interworx.com/current/security_reports/cve-8470.html
IWX-CVE-2022-8522 - Low-priv hosting customer to root privesc, via path traversal for password reset tokens in admin panel - https://appendix.interworx.com/current/security_reports/cve-8522.html
IWX-CVE-2023-11439 - Critical unauthenticated root RCE, via novel PHP deserialisation chain - https://appendix.interworx.com/current/security_reports/cve-11439.html

(never officially published - lack of communication from security team after updates were applied)

Critical unauthenticated root RCE, via very low entropy in system API key generation used to create root cronjob
Low-priv hosting customer to root privesc, via very low entropy MySQL root password, used to create root cronjob