CVE Disclosures & Offensive Security Presentation

Security Presentation

| Title | Event | Date |
| --- | --- | --- |
| Bruno : A small Electron for a Nuclear reaction | Defcon Group 3210 | 30/09/2025 |

Major CVE

| CVE | Vulnerability Summary | Affected Tool / Product |
| --- | --- | --- |
| CVE-2025-54964 | Remote Code Execution | BAE SOCET GXP |
| CVE-2025-54339 | Privilege Escalation | Desktop Alert PingAlert |
| CVE-2025-54343 | Privilege Escalation | Desktop Alert PingAlert |
| CVE-2025-54347 | Arbitrary File Write | Desktop Alert PingAlert |
| CVE-2024-33879 | Arbitrary File Download / Deletion | VirtoSoftware Virto Bulk File Download (SharePoint 2019) |
| CVE-2025-54963 | Local File Inclusion | BAE SOCET GXP |
| CVE-2025-54967 | XXE Injection | BAE SOCET GXP |
| CVE-2024-55399 | SSRF | 4C Strategies Exonaut |
| CVE-2025-54338 | Password Hash Disclosure | Desktop Alert PingAlert |
| CVE-2025-54341 | Hard-coded Credentials | Desktop Alert PingAlert |
| CVE-2025-54559 | Path Traversal | Desktop Alert PingAlert |
| CVE-2025-36574 | Path Traversal | Dell Wyse Management Suite |
| CVE-2024-41913 | Improper Input Sanitization | Poly Clariti Manager |

Minor CVE

| CVE | Vulnerability Summary | Affected Tool / Product |
| --- | --- | --- |
| CVE-2025-54340 | Weak Cryptography | Desktop Alert PingAlert |
| CVE-2025-54342 | Information Disclosure | Desktop Alert PingAlert |
| CVE-2025-54345 | Information Disclosure | Desktop Alert PingAlert |
| CVE-2025-54346 | Reflected XSS | Desktop Alert PingAlert |
| CVE-2025-54348 | Stored XSS | Desktop Alert PingAlert |
| CVE-2025-545363 | Username Enumeration | Desktop Alert PingAlert |
| CVE-2025-36575 | Information Disclosure | Dell Wyse Management Suite |
| CVE-2024-55398 | Insecure Permissions | 4C Strategies Exonaut |
| CVE-2025-30210 | Stored XSS | Bruno IDE |
| CVE-2024-33880 | Path Disclosure | VirtoSoftware Virto Bulk File Download (SharePoint 2019) |
| CVE-2024-33881 | NTLMv2 Hash Leak | VirtoSoftware Virto Bulk File Download (SharePoint 2019) |
| GHSA-fqxc-cxph-9vq8 | Stored XSS | Bruno IDE |
| GHSA-q22p-vcc5-p4qg | Stored XSS | NetBox |
| CVE-2024-41912 | Broken Access Control | Poly Clariti Manager |
| CVE-2024-41911 | Reflected XSS | Poly Clariti Manager |
| CVE-2024-41910 | Stored XSS | Poly Clariti Manager |
| CVE-2024-51720 | Insufficient Entropy | SecuSUITE Secure Client Authentication |
| CVE-2024-55402 | Broken Access Control | 4C Strategies Exonaut |
| CVE-2024-55401 | Directory Traversal | 4C Strategies Exonaut |
| CVE-2025-0760 | Credential Disclosure | Tenable Identity Exposure |
| CVE-2025-30354 | Sandbox Bypass | Bruno IDE |
| CVE-2025-54968 | Missing Authentication | BAE SOCET GXP |
| CVE-2025-54970 | Missing Authentication | BAE SOCET GXP |
| CVE-2025-54969 | CSRF | BAE SOCET GXP |
| CVE-2025-54966 | Information Disclosure | BAE SOCET GXP |
| CVE-2025-59400 | Arbitrary Read in Restricted Shell | Rubrik CDM |
| CVE-2025-59401 | Information Disclosure via Stack Trace | Rubrik RSC-P |
| CVE-2025-15335 | Directory Path Traversal | Tanium |

CVE as Side Contributor

| CVE | Vulnerability Summary | Affected Tool / Product |
| --- | --- | --- |
| CVE-2024-34400 | Stored XSS | VirtoSoftware Virto Kanban Board Web Part (SharePoint 2019) |
| CVE-2025-0760 | Credential Disclosure | Tenable Identity Exposure |
| CVE-2025-1091 | Broken Authorization | Tenable Identity Exposure |
| CVE-2025-1726 | SQL Injection | Esri ArcGIS Monitor |
| CVE-2025-0337 | Authorization Bypass | ServiceNow Now Platform |
| CVE-2025-57873 | Reflected XSS | Esri Portal for ArcGIS |