CVE-2025-11931 - Integer Underflow in XChaCha20-Poly1305 Decrypt Leads to Out-of-Bounds Access
A new vulnerability, CVE-2025-11931, has been discovered in the implementation of XChaCha20-Poly1305 in several open-source cryptographic libraries. This bug specifically affects direct uses of the
CVE-2025-41115 - Exploiting SCIM Provisioning in Grafana to Impersonate and Elevate Privileges
In April, Grafana introduced SCIM provisioning via Grafana Enterprise and Grafana Cloud. The intention was to help organizations automate user management—handling onboarding, offboarding, and
CVE-2025-64660 - Remote Code Execution in GitHub Copilot and VS Code Due to Improper Access Control
In early 2025, a serious security vulnerability, CVE-2025-64660, was discovered impacting GitHub Copilot and Visual Studio Code (VS Code). This issue centers on *improper access
CVE-2025-11001 - 7-Zip ZIP File Directory Traversal RCE Explained (with Exploit Details)
In early 2025, a new critical vulnerability was identified in the widely used 7-Zip compression software. Tracked as CVE-2025-11001 (formerly ZDI-CAN-26753), this flaw allows an
CVE-2025-12383 - Race Condition in Eclipse Jersey SSL Setup – From Handshake Failures to Insecure Trust (Exclusive Deep Dive)
Eclipse Jersey is a widely used framework for building RESTful web services in Java. In March 2025, a critical vulnerability was discovered and tracked as
Episode
00:00:00
00:00:00