Pwn2Own Berlin 2026: Day Three Results and Master of Pw

May 16, 2026 | Dustin Childs CONTINUE READING
Looking at the Attack Surface of the Sony XAV-AX5500 Head Unit
Blog post

Looking at the Attack Surface of the Sony XAV-AX5500 Head Unit

Finding Deserialization Bugs in the SolarWinds Platform
Blog post

Finding Deserialization Bugs in the SolarWinds Platform

CVE-2023-35150: Arbitrary Code Injection in XWiki.org XWiki
Blog post

CVE-2023-35150: Arbitrary Code Injection in XWiki.org XWiki

Exploiting a Flaw in Bitmap Handling in Windows User-Mode Printer Drivers
Blog post

Exploiting a Flaw in Bitmap Handling in Windows User-Mode Printer Drivers

CVE-2023-36934: Progress Software MOVEit Transfer SQL Injection Remote Code Execution Vulnerability
Blog post

CVE-2023-36934: Progress Software MOVEit Transfer SQL Injection Remote Code Execution Vulnerability

CVE-2023-20864: Remote Code Execution in VMware Aria Operations for Logs
Blog post

CVE-2023-20864: Remote Code Execution in VMware Aria Operations for Logs

CVE-2022-31696: An Analysis of a VMware ESXi TCP Socket Keepalive Type Confusion LPE
Blog post

CVE-2022-31696: An Analysis of a VMware ESXi TCP Socket Keepalive Type Confusion LPE

CVE-2023-24941: Microsoft Network File System Remote Code Execution
Blog post

CVE-2023-24941: Microsoft Network File System Remote Code Execution

Exploiting the Sonos One Speaker Three Different Ways: A Pwn2Own Toronto Highlight
Blog post

Exploiting the Sonos One Speaker Three Different Ways: A Pwn2Own Toronto Highlight

CVE-2023-28231: RCE in the Microsoft Windows DHCPv6 Service
Blog post

CVE-2023-28231: RCE in the Microsoft Windows DHCPv6 Service