CVE-2025-27112 - Authentication Bypass in Navidrome Subsonic API — Deep Dive and Exploit Example
Summary:
A critical authentication flaw in Navidrome (versions .52. to .54.4) can let anyone access sensitive user data through the Subsonic API by simply
CVE-2025-27364 - RCE in MITRE Caldera Through Agent Compilation API (Full Exploit and Deep Dive)
If you run MITRE Caldera, especially versions through 4.2. and 5.. before commit 35bc06e, you should know about a critical Remote Code Execution (RCE)
CVE-2024-56897 - Unlocking the Risks in YI Car Dashcam v3.88 — Files & Commands Wide Open
YI Technology is known for its affordable car dashcams, but its model v3.88 is making headlines for all the wrong reasons. CVE-2024-56897 exposes a
CVE-2025-1632 - Null Pointer Dereference in libarchive’s bsdunzip.c – What You Need to Know
A new vulnerability has been publicly disclosed in the widely-used libarchive software library. Registered as CVE-2025-1632, the issue affects versions up to 3.7.7,
CVE-2025-24526 - Exporting Archived Mattermost Channels Even When Disabled
In early 2025, a significant security issue was found in Mattermost, a popular open-source collaboration platform used by thousands of organizations. This vulnerability, tracked as