Pwn2Own Berlin 2025: Day Three Results

May 17, 2025 | Dustin Childs CONTINUE READING
Vulnerabilities in Apache Batik Default Security Controls – SSRF and RCE Through Remote Class Loading
Blog post

Vulnerabilities in Apache Batik Default Security Controls – SSRF and RCE Through Remote Class Loading

Riding the InfoRail to Exploit Ivanti Avalanche – Part 2
Blog post

Riding the InfoRail to Exploit Ivanti Avalanche – Part 2

CVE-2022-34715: More Microsoft Windows NFS v4 Remote Code Execution
Blog post

CVE-2022-34715: More Microsoft Windows NFS v4 Remote Code Execution

Looking at Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack
Blog post

Looking at Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack

CVE-2022-30136: Microsoft Windows Network File System v4 Remote Code Execution Vulnerability
Blog post

CVE-2022-30136: Microsoft Windows Network File System v4 Remote Code Execution Vulnerability

CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack
Blog post

CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack

Is exploiting a null pointer deref for LPE just a pipe dream?
Blog post

Is exploiting a null pointer deref for LPE just a pipe dream?

Pwn2Own Vancouver 2022 - The Results
Blog post

Pwn2Own Vancouver 2022 - The Results

Pwn2Own Vancouver 2022 - The Schedule
Blog post

Pwn2Own Vancouver 2022 - The Schedule

CVE-2022-26381: Gone by others! Triggering a UAF in Firefox
Blog post

CVE-2022-26381: Gone by others! Triggering a UAF in Firefox