Check out the latest content provided by Shockwave's research team.
Jenkins has disclosed CVE-2024-23897, which allows unauthenticated malicious actors to read local files from the system and potentially achieve Remote Code Execution.
CVE-2023-7028 is a Critical CVE affecting GitLab instances that allows malicious actors to reset the password of an arbitrary existing user within a single HTTP request and gain full access to the instance.
CVE-2023-35078 is a Critical CVE in Ivanti's MobileIron product that allows malicious actors to dump all of the PII, devices and users on the MobileIron system in a single request.
Discover the story of our founder who uncovered the world's first documented Web Vulnerability that impacted OpenAI's ChatGPT, and collaborated with the team to swiftly remediate it within hours.
Learn from our research presentation how active email security detection tools expose sensitive information about your company without any interaction - and what you can do about it!
This blog post discusses the discovery by Shockwave's team of a vulnerability that allowed malicious actors to claim the assets.npmjs.com subdomain, with which they would likely have been able to construct a significant supply chain attack.
Shockwave's Security Research team identified and responsibly reported a Mass Assignment vulnerability that allowed us to escalate privileges from a normal membership level to that of an administrator account, giving us full access to the organization's systems.