CVE-2025-24353 - How a Directus Role Escalation Bug Exposed Hidden Data
Directus is a popular open source platform for managing SQL database content through a modern API and dashboard—trusted by thousands of teams worldwide. But
CVE-2025-23006 - Pre-Auth Deserialization Flaw Exposes SMA100 AMC/CMC to Remote Command Execution
June 2024 Update: A new critical vulnerability, CVE-2025-23006, has been published for SonicWall SMA100 Series’ Appliance Management Console (AMC) and Central Management Console (CMC). This
CVE-2024-53299 - Apache Wicket 7.. Request Handling Gets Abused for Easy Denial-of-Service (DoS)
In Apache Wicket version 7.., there’s a serious problem: how it handles requests in the core can be misused by attackers to easily take
CVE-2024-52975 - How Sensitive Info Leaked from Fleet Server Logs and Why You Should Patch Now
Security vulnerabilities often come in all shapes and sizes. Sometimes, something as simple as a verbose log can end up being a huge data leak.
CVE-2024-52972 - Kibana API Vulnerability Lets Attackers Crash Your Instance with a Simple Request
On June 7, 2024, a new vulnerability was disclosed, tracked as CVE-2024-52972, affecting Kibana — the popular open-source analytics and visualization tool from Elastic. This security