https://nstsec.com/it/tags/cve/ Recent content in Cve on nstsec.com https://nstsec.com/images/index.png https://nstsec.com/images/index.png Hugo it Thu, 16 Apr 2026 18:30:00 +0200 https://nstsec.com/it/posts/postiz-xss-cve-2026-40487/ Thu, 16 Apr 2026 18:30:00 +0200 https://nstsec.com/it/posts/postiz-xss-cve-2026-40487/ Come ho scoperto una Arbitrary File Upload in Postiz (CVE-2026-40487, CVSS 8.9 High) che consente il takeover completo degli account. https://nstsec.com/it/posts/pwndoc-username-enumeration-cve-2022-44023/ Sat, 29 Oct 2022 10:45:00 +0200 https://nstsec.com/it/posts/pwndoc-username-enumeration-cve-2022-44023/ PwnDoc <= 0.5.3 - Username Enumeration via Different Responses https://nstsec.com/it/posts/pwndoc-username-enumeration-cve-2022-44022/ Sat, 29 Oct 2022 10:23:19 +0200 https://nstsec.com/it/posts/pwndoc-username-enumeration-cve-2022-44022/ PwnDoc <= 0.5.3 - Username Enumeration via Response Timings https://nstsec.com/it/posts/xwiki-xss-cve-2020-13654/ Wed, 30 Dec 2020 11:19:29 +0200 https://nstsec.com/it/posts/xwiki-xss-cve-2020-13654/ Come ho scoperto una Stored XSS in XWiki Platform < 12.8, perché il flag HttpOnly mi ha impedito il furto di cookie e come ho dovuto riorientare l'attacco verso una privilege escalation via CSRF, fino ad ottenere la mia prima CVE dal MITRE.