Disclosures

Horizon3.ai discovered two critical vulnerabilities in N-able N-central — CVE-2025-9316 and CVE-2025-11700 — that can be chained to leak credentials and fully compromise the appliance. This in-depth analysis details how the flaws were found, exploited, responsibly disclosed, and patched in version 2025.4, turning N-days into true 0-days.

Learn how Horizon3.ai uncovered CVE-2025-34508 in ZendTo, allowing attackers to access sensitive files through a path traversal flaw.

CVE-2025-3248 is a critical code injection vulnerability affecting Langflow, a popular tool used for building out agentic AI workflows. This vulnerability is easily exploitable and enables unauthenticated remote attackers to fully compromise Langflow servers. The issue is patched in Langflow 1.3.0.

Critical Ivanti Endpoint Manager vulnerabilities revealed—learn about CVE exploits and mitigation.

SimpleHelp remote support software is susceptible to critical vulnerabilities that could allow full takeover of SimpleHelp servers. Users of SimpleHelp should upgrade to the latest version ASAP.

On July 10, 2024, Palo Alto released a security advisory for CVE-2024-5910, a vulnerability which allowed attackers to remotely reset the Expedition application admin credentials. While we had never heard of Expedition application before, it's advertised as: The purpose of this tool is to help reduce the time and efforts of migrating a configuration from…

On August 13, 2024, SolarWinds released a security advisory for Web Help Desk (WHD) that detailed a deserialization remote code execution vulnerability. This vulnerability, CVE-2024-28986, was added to CISA's Known Exploited Vulnerability (KEV) catalog two days later on August 15, 2024. The advisory states: SolarWinds Web Help Desk was found to be susceptible to a…

This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces platform after a recently reported potential breach.

This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces platform after a recently reported potential breach.

This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces platform after a recently reported potential breach.