Advisories

Advisory

Samsung Tizen OS | Version Through 9.0

Feb 24, 2026

Bishop Fox identified a low-risk command injection flaw in Samsung Tizen OS (through 9.0) that allows OS-level code execution on smart TVs with developer mode enabled. Exploitation requires local access and the configured developer IP. Organizations should disable developer mode or use kiosk mode.

By Bishop Fox

Advisory

Deep Dive into Arista NG Firewall Vulnerabilities

Feb 9, 2026

Bishop Fox identified six vulnerabilities in Arista NG Firewall version 17.4, including critical command injection flaws allowing root-level code execution with some exploitable by chaining attacks through a single malicious link.

By Ronan Kervella

Advisory

YoSmart YoLink Hub version 0382

Oct 2, 2025

The following document describes identified vulnerabilities in the YoLink Hub smart device version 0382.

By Nick Cerne

Advisory

SonicWall SonicOS Versions 7.1.x and 8.0.x

Apr 24, 2025

Bishop Fox staff identified a vulnerability in SonicWall SonicOS 7.1.x and 8.0.x that allowed them to cause an affected NSv virtual appliance to reboot by sending unauthenticated requests to specific API endpoints, resulting in a denial-of-service condition.

By Jon Williams

Advisory

Traeger Grill D2 Wi-Fi Controller, Version 2.02.04

Jul 2, 2024

Discover critical vulnerabilities in the Traeger Grill D2 Wi-Fi Controller that could impact your grill's security. Read our advisory to learn about the issues identified.

By Nick Cerne

Advisory

ExpressionEngine, Version 7.3.15

Jun 17, 2024

Bishop Fox staff identified two vulnerabilities in Packet Tide’s ExpressionEngine version 7.3.15. The most severe issue allowed Bishop Fox staff to obtain access to a new administrator account in an instance of ExpressionEngine.

By Matthieu Keller

Advisory

OOB Memory Read: Netscaler ADC and Gateway

May 6, 2024

The affected Citrix NetScaler components are used for Authentication, Authorization, and Auditing (AAA), and remote access. The latest version of NetScaler is 14.1-21.15, released on April 23, 2024.

By Bishop Fox Researchers

Advisory

Ray, Versions 2.6.3, 2.8.0

Nov 27, 2023

This Bishop Fox advisory highlights three critical-severity vulnerabilities in the Ray application, versions 2.6.3 and 2.8.0.

By Berenice Flores Garcia

Advisory

TaskCafe, Version 0.3.2 Advisory

Jun 20, 2023

Learn about three vulnerabilities we discovered in TaskCafe Version 0.3.2 that result in improper access controls, stored cross-site scripting, and insecure file upload.

By Joan Bono, Luis De la Rosa Hernandez

Advisory

WP Coder, Version 2.5.3 Advisory

Apr 13, 2023

In this advisory, learn about the WP Coder plugin, which is affected by a time-based SQL injection vulnerability via the ‘id’ parameter in versions up to, and including, 2.5.3.

By Etan Castro Aldrete

Advisory

Windows Task Scheduler Application, Version 19044.1706 Advisory

Apr 4, 2023

Learn about CVE-2023-21541, a Windows Task Scheduler vulnerability discovered by Ben Lincoln.

By Ben Lincoln

Advisory

Microsoft Intune, Version 1.55.48.0 Advisory

Apr 4, 2023

Learn about the latest Microsoft Intune vulnerability discovered by Ben Lincoln.

By Ben Lincoln

Advisory

EzAdsPro BlackBox Advisory

Jan 25, 2023

Read this high-risk advisory to learn how the EzAdsPro "BlackBox" application allowed directory listing, resulting in unauthorized information disclosure.

By Dan Petro

Advisory

FlowscreenComponents Basepack, Version 3.0.7 Advisory

Dec 15, 2022

In this advisory, read about a cross-site scripting (XSS) vulnerability in the FlowscreenComponents Basepack, Version 3.0.7.

By Matthew Rutledge

Advisory

Log HTTP Requests, Version 1.3.1, Advisory

Nov 21, 2022

Read this medium-risk advisory to learn details about CVE-2022-3402.

By Etan Castro Aldrete

Advisory

Atlassian Jira Align, Version 10.107.4 Advisory

Oct 24, 2022

Read to learn details about the Atlassian Jira Align, Version 10.107.4 advisory.

By Jake Shafer

Advisory

Netwrix Auditor Advisory

Jul 13, 2022

The Netwrix Auditor application is affected by an insecure object deserialization issue that allows an attacker to execute arbitrary code with the privileges of the affected service.

By Jordan Parkin

Advisory

FileStack Upload Advisory

Jun 23, 2022

The FileStack Upload application is affected by a cross-site scripting (XSS) vulnerability that allows an attacker to upload SVG files with JavaScript code inside them.

By Carlos Yanez

Advisory

CVE-2022-1388: Scan BIG-IP for Exact Release Versions

May 10, 2022

Worried about your BIG-IP devices and if they are impacted by CVE-2022-1388? We built a scanner that can help you quickly determine if they are running versions that need to be patched. Check it out!

By Caleb Gross

Advisory

Log4j Vulnerability: Impact Analysis

Dec 10, 2021

Affecting enterprise software, web applications, and well-known consumer products globally, the CVE-2021-44228 zero-day vulnerability impacts any organization using the Apache Log4j framework. Read our official Bishop Fox response as we unfold and report on Log4j's impact.

By Wes Hutcherson

Advisory

CATIE Web - Version 20.04.0

Dec 2, 2021

CATIE Web version 20.04 is vulnerable to four local file disclosure vulnerabilities, which enable an unauthenticated remote attacker to read arbitrary files via four separate application endpoints.

By Nate Robb, Dan Ritter

Advisory

eCatcher Desktop, Version 6.6.4 Advisory

Aug 17, 2021

An insecure filesystem permissions vulnerability was identified in eCatcher version 6.6.4 and earlier. To exploit this vulnerability, an attacker must have a user account on the same machine as the victim and have access to the machine during an active VPN connection.

By Priyank Nigam

Advisory

Wodify

Aug 13, 2021

The Bishop Fox team discovered three vulnerabilities that could have a severe business and reputational risk for Wodify.

By Dardan Prebreza

Advisory

RetroArch for Windows, Versions 1.9.0 - 1.9.4 Advisory

Jun 15, 2021

One high-risk XSS vulnerability was identified within the RetroArch for Windows application, version 1.9.0.

By Daniel Fulford