CVE-2024-5528 - Subdomain Takeover Vulnerability in GitLab Pages – A Deep Dive
On June 27, 2024, GitLab issued a security advisory concerning a serious subdomain takeover vulnerability, now tracked as CVE-2024-5528. This issue affects the widely-used GitLab
CVE-2024-6356 - Security Policy Bot Cross-Project Access in GitLab EE – Analysis and Exploit Demo
CVE-2024-6356 is a newly discovered vulnerability affecting Enterprise Editions (EE) of GitLab, introducing a risk where the Security Policy Bot could interact with more projects
CVE-2025-0167 - How a Rare `.netrc` Configuration Can Leak Your Credentials in Curl Redirects
When you use cURL, it's natural to expect your credentials to stay private—especially if you took the trouble to set up a
CVE-2025-0725 - Exploiting Buffer Overflow in libcurl’s Gzip Decompression with zlib ≤ 1.2..3
On March 6, 2025, a new critical vulnerability named CVE-2025-0725 was discovered affecting libcurl when it’s used with zlib 1.2..3 or older.
CVE-2025-0665 - libcurl's Double Close on eventfd—How a Subtle Bug Can Haunt Your Server
Libcurl is a staple in the open source networking world—powering everything from command-line file downloads to complex data pipelines. But sometimes, even the sharpest