Blog
In our blog, we report on pentesting, red teaming, and the latest news from MindBytes.
We assign our articles to categories. This gives you a quick overview of all articles in a category when needed:
Pentesting & Red Teaming | CVEs | MindBytes – Update! | Vulnerabilities & where to find them
What else might have happened in May?
– The past few weeks were shaped by our participation at the NIS-2 Congress and the Cybersecurity Summit. Two very successful events, each in its own way.
– Our Stage 2 audit for ISO 27001 went well. Now we’re waiting for the official "Passed" from the certification...
April: Pentesting, 2 CVEs, Team +1, Graffiti Spraying & Vacation
That perfectly sums up this month's update. You'll find the artwork from the spraying session and some impressions from its creation below, because pictures definitely speak louder than words. We haven't received any feedback from MITRE regarding the CVE submissions...
Cross-Site Scripting in Qiata (CVE-2025-45850)
Unauthorized Access to Files in Qiata (CVE-2025-45849)
Affected Product: Qiata by SECUDOS Version 4.00.00–4.17.00
CVSS Score (v3.1): 5.3 (Medium)
Assigned CVE: CVE-2025-45849
Recommendation: Update to Version 4.18.00
Credit: Nina Wagner from MindBytes GmbH
Users can access files or their previews for which they are not...
March 2025 – Our Monthly Update
Short & sweet:
🎨 A colorful project mix featuring external infrastructure, Active Directory, web applications, and an extensive combination of web application pentesting + source code audits
📖 Created online content for the book "Pentests erfolgreich umsetzen"...