Pwn2Own Berlin 2025: Day Three Results

May 17, 2025 | Dustin Childs CONTINUE READING
CVE-2021-45105: Denial of Service via Uncontrolled Recursion in Log4j StrSubstitutor
Blog post

CVE-2021-45105: Denial of Service via Uncontrolled Recursion in Log4j StrSubstitutor

CVE-2021-26084: Details on the Recently Exploited Atlassian Confluence OGNL Injection Bug
Blog post

CVE-2021-26084: Details on the Recently Exploited Atlassian Confluence OGNL Injection Bug

CVE-2021-1497: Cisco HyperFlex HX Auth Handling Remote Command Execution
Blog post

CVE-2021-1497: Cisco HyperFlex HX Auth Handling Remote Command Execution

CVE-2021-31166: A Wormable Code Execution Bug in HTTP.sys
Blog post

CVE-2021-31166: A Wormable Code Execution Bug in HTTP.sys

CVE-2021-25646: Getting Code Execution on Apache Druid
Blog post

CVE-2021-25646: Getting Code Execution on Apache Druid

CVE-2019-0230: Apache Struts OGNL Remote Code Execution
Blog post

CVE-2019-0230: Apache Struts OGNL Remote Code Execution

CVE-2020-9496: RCE in Apache OFBiz XMLRPC via Deserialization of Untrusted Data
Blog post

CVE-2020-9496: RCE in Apache OFBiz XMLRPC via Deserialization of Untrusted Data

CVE-2020-1300: Remote Code Execution Through Microsoft Windows CAB Files
Blog post

CVE-2020-1300: Remote Code Execution Through Microsoft Windows CAB Files

CVE-2020-0729: Remote Code Execution Through .LNK Files
Blog post

CVE-2020-0729: Remote Code Execution Through .LNK Files

CVE-2019-9512 – A Microsoft Windows HTTP/2 Ping Flood Denial of Service
Blog post

CVE-2019-9512 – A Microsoft Windows HTTP/2 Ping Flood Denial of Service