SecureLayer7 Research

---

About

SecureLayer7's research team focuses on identifying, analyzing, and responsibly disclosing vulnerabilities across widely-used software. This repository serves as a centralized archive of our published CVE research, proof-of-concept exploits, and lab environments.

---

Published Research

#	CVE ID	Product	Type	Severity	Analysis
1	CVE-2023-38831	WinRAR	RCE		Zero-Day RCE via DarkMe
2	CVE-2023-22518	Atlassian Confluence	Auth Bypass		Authentication Bypass
3	CVE-2023-26360	Adobe ColdFusion	RCE		Unauthenticated RCE
4	CVE-2020-9496 / CVE-2023-49070 / CVE-2023-51467	Apache OFBiz	RCE + Auth Bypass		Multiple Vulnerabilities
5	CVE-2024-23897	Jenkins	Arbitrary File Read		Arbitrary File Read
6	CVE-2023-39143	PaperCut	RCE		Remote Code Execution
7	CVE-2024-27348	Apache HugeGraph	RCE		Sandbox Bypass RCE
8	CVE-2024-25065	Apache OFBiz	Path Traversal		Auth Bypass via Path Traversal
9	CVE-2024-38856	Apache OFBiz	RCE		File Read to RCE
10	CVE-2024-22263	Spring Cloud Data Flow	Arbitrary File Write		Arbitrary File Writing
11	CVE-2024-39877	Apache Airflow	Code Execution		Jinja2 Template Injection
12	CVE-2024-31204 / CVE-2024-30270	Mailcow	XSS + Path Traversal		XSS & Path Traversal
13	CVE-2024-54676	Apache OpenMeetings	RCE		Deserialization RCE

---

Contact

Website	securelayer7.net
Blog	blog.securelayer7.net
Twitter	@securelayer7
Disclosure	Coordinated 90-day responsible disclosure policy

---

_{All research is conducted responsibly. Vulnerabilities are reported to vendors before public disclosure.}