We've just updated our latest blog post about CVE-2025-47812 to include another disclosure that went a little under the radar but could be used to leak a user's password: CVE-2025-27889. #security #BugBounty.

During a customer pentest, we went from anonymous Read-Only FTP access to full root-level remote code execution by abusing a string parsing discrepancy in Wing FTP's username handling. #security #BugBounty.

Here's a short write-up about CVE-2023-6542 a #security vulnerability affecting the SAP Emarsys SDK for Android allowing attackers to leak sensitive data from an app's private data directory and also load remote contents into an app overlay.