CVE-2025-24813 - Exploiting Path Equivalence and Internal Dots in Apache Tomcat – Remote Code Execution & Sensitive File Disclosure
Apache Tomcat is one of the most popular web servers used around the world, powering everything from development servers to large-scale production services. In February
CVE-2025-25977 - Remote Code Execution in canvg v4..2 via StyleElement Constructor
A new critical security flaw, CVE-2025-25977, has been discovered in canvg, a popular JavaScript library for rendering SVGs on Canvas. This vulnerability affects version v4.
CVE-2025-25614 - Privilege Escalation in Unifiedtransform 2. via Incorrect Access Control
Unifiedtransform is a popular open-source school management and examination platform, used by educational institutions worldwide. But in early 2025, a security issue—now indexed as
CVE-2025-26865 - Deep Dive into the Apache OFBiz Template Engine Vulnerability
In June 2024, a critical vulnerability surfaced in Apache OFBiz — a popular open source enterprise resource planning (ERP) suite used by businesses worldwide. Tracked as
CVE-2025-27636 - Exploiting Method Invocation Injection in Apache Camel-Bean Component
Published: 2025-02-29
Severity: High (Bypass/Injection)
Affected Packages: apache-camel (see Advisory)
Patched in: 4.10.2 (4.10.x LTS), 4.8.5 (4.8.
Episode
00:00:00
00:00:00