Security Advisories

CVEs and security vulnerabilities discovered and responsibly disclosed by the RasterSec team.

RSEC-2026-001 May 28, 2026

RSEC-2026-001: Multiple Vulnerabilities in Lumiverse

A review identified five vulnerabilities in Lumiverse which, when chained, could allow an attacker to achieve unauthozired remote code execution (RCE). Some of the vulnerabilities could also be exploited independently to achieve authorized RCE.

RSEC-2025-001 May 23, 2025

RSEC-2025-001: 3X-UI Update Accepts Forged Server Certificates

3X-UI before v2.5.3 accepts arbitrary server certificate for updates.

Security Advisories

RSEC-2026-001: Multiple Vulnerabilities in Lumiverse

RSEC-2025-001: 3X-UI Update Accepts Forged Server Certificates

Contact Us