Vulnerability Releases

In an increasingly connected world, vulnerabilities are everpresent.
Our goal is to find high-impact vulnerabilities in widely deployed products to protect millions of people.
Below you'll find a list of selected security vulnerabilities we've discovered:

Electronic Voting Systems

Secure E-Voting Systems are vital for the functioning of a safe, resiliant democracy.
By discovering electronic voting system vulnerabilities we were able to save millions of humans from loss of trust in the government, riots and voting manipulation

ID Product Vulnerability
CVE-2019-25022 Scytl Secure Vote (sVote) SDM RCE
CVE-2019-25023 Scytl Secure Vote (sVote) X-Forwarded-For IP-Spoofing/Faking
CVE-2019-25020 Scytl Secure Vote (sVote) Unauthenticated REST Endpoints leading to Secure-Data-Manager admin configuration leak
CVE-2019-25021 Scytl Secure Vote (sVote) OrientDB Password
SUID-2019-00001 Scytl Secure Vote (sVote) Jackson-Databind RCE
SUID-2019-00002 Scytl Secure Vote (sVote) XSS
SUID-2019-00003 Scytl Secure Vote (sVote) XXE
SUID-2019-00004 Scytl Secure Vote (sVote) Hardcoded PKCS12 Passwords

Routers

Routers are critical embedded systems.
Exploits not only target a single system but can be abused to penetrate entire networks.
Our work has helped major network vendors secure massive customerbases.

ID Product Vulnerability
CVE-2021-27249 D-Link DAP-2020 Command Injection RCE
CVE-2021-27250 D-Link DAP-2020 Arbitrary File Read

Your Product?

If you want a thourough, fast and discreet security audit of your product get in contact with us!