CVE-2025-25292 - How ruby-saml’s XML Parser Difference Led to SSO Authentication Bypass
ruby-saml is a popular Ruby library for supporting Security Assertion Markup Language (SAML) single sign-on (SSO). Widely used in Ruby applications, it’s trusted by
CVE-2025-25291 - Exploiting Authentication Bypass in ruby-saml via Signature Wrapping
CVE-2025-25291 is a newly disclosed vulnerability affecting the popular ruby-saml library for Ruby, which enables developers to integrate SAML Single Sign-On (SSO) capabilities into their
CVE-2025-27407 - Remote Code Execution in graphql-ruby via `from_introspection` Schema Loading
A critical vulnerability was discovered in graphql-ruby, the popular Ruby library for implementing GraphQL APIs. If your application uses certain versions of graphql-ruby, attackers could
CVE-2025-22870 - How IPv6 Zone IDs Can Bypass Proxy Rules in NO_PROXY — Analysis & Exploit Details
Proxy settings are a critical part of modern networking security and configuration — especially when applications should avoid connecting directly to certain hosts. Environment variables like
CVE-2025-25711 - Privilege Escalation in dtp.ae tNexus Airport View v2.8 via ProfileID Injection
---
Intro
A new vulnerability, CVE-2025-25711, has been discovered in the popular airport management software, dtp.ae tNexus Airport View v2.8. The flaw lets
Episode
00:00:00
00:00:00