Raxis Discovered Vulnerabilities
Raxis original discovered vulnerabilities that were identified during real engagement work, validated with the vendor, and assigned a CVE identifier through MITRE.
The Exploit articles categorized as Raxis Discovered Vulnerabilities
-
CVE-2026-36748: XSS in Rock RMS Leads to Privilege Escalation
By Jason Taylor Raxis Lead Pentester Jason Taylor recently discovered CVE-2026-36748, a high-risk XSS vulnerability in Rock RMS that allows privilege escalation to admin. June 1, 2026 -
Bypassing a WAF and a CSP with Google Tag Manager: An Attacker’s Perspective and Remediation Advice
By Ryan Chaplin Ryan Chaplin takes an in-depth look at how attackers can use unsafe directives to bypass CSP, notably in Google Tag Manager, and how to remediate the issue. February 10, 2026 -
CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection
By Raxis Research Team This CSS vulnerability, discovered by Raxis’ Matt Mathur, lies in a device’s properties and how they are verified and displayed within PRTG Network Monitor. October 21, 2022 -
CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References
By Raxis Research Team Raxis lead penetration tester Matt Dunn uncovers two more ManageEngine vulnerabilities (CVE-2022-26653 & CVE-2022-26777). July 21, 2022 -
CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)
By Raxis Research Team Matt Dunn discovers another ManageEngine Cross-Site Scripting vulnerability, this one in the Support Center Plus application. July 6, 2022 -
CVE-2022-25245: ManageEngine Asset Explorer Information Leakage
By Raxis Research Team Raxis lead penetration tester Matt Dunn discovers an information leakage vulnerability in ManageEngine’s Asset Explorer CVE-2022-25245 June 7, 2022
