CVE-2025-26465 - OpenSSH's VerifyHostKeyDNS Flaw Enables Complex Machine-in-the-Middle Attack
In early 2025, a new security vulnerability was discovered in OpenSSH. Tracked as CVE-2025-26465, this issue impacts OpenSSH clients when the VerifyHostKeyDNS option is turned
CVE-2025-24895 - Critical SAML Signature Validation Bypass in CIE.AspNetCore.Authentication
Published: June 2024
Affected package: cie-aspnetcore (CIE.AspNetCore.Authentication)
Fixed in: v2.1.
Impact: Remote user impersonation (Critical)
CVSS Score: 9.8 (Critical)
Introduction
Remote
CVE-2025-26620 - Race Condition Vulnerability in Duende.AccessTokenManagement for .NET
CVE-2025-26620 is a newly disclosed vulnerability affecting the Duende.AccessTokenManagement library for .NET, which is widely used for managing OAuth and OpenID Connect access tokens.
CVE-2024-4028 - Keycloak Admin Console Vulnerability Enables Privileged XSS Attacks
_Keycloak_ is a widely-used open-source identity and access management solution, trusted by developers for securing applications. In June 2024, a new critical vulnerability—CVE-2024-4028—was
CVE-2025-21703 - Linux Kernel netem Use-After-Free Exploit Explained
The Linux kernel is the backbone of almost every server and many desktops out there. When something’s wrong in the kernel, it can impact