CVE-2025-27144 - Denial of Service in Go JOSE Due to Excessive Memory Usage on Malicious JWT Input
Go JOSE is a popular Go library that makes dealing with JWT, JWE, and JWS standards easy and safe. However, if you are using version
CVE-2025-26529 - How Insufficient Log Sanitization Can Lead to Stored XSS Vulnerabilities
In early 2025, a new vulnerability named CVE-2025-26529 was discovered affecting various web-based applications with site administration panels. This vulnerability revealed that information displayed in
CVE-2025-27112 - Authentication Bypass in Navidrome Subsonic API — Deep Dive and Exploit Example
Summary:
A critical authentication flaw in Navidrome (versions .52. to .54.4) can let anyone access sensitive user data through the Subsonic API by simply
CVE-2025-27364 - RCE in MITRE Caldera Through Agent Compilation API (Full Exploit and Deep Dive)
If you run MITRE Caldera, especially versions through 4.2. and 5.. before commit 35bc06e, you should know about a critical Remote Code Execution (RCE)
CVE-2024-56897 - Unlocking the Risks in YI Car Dashcam v3.88 — Files & Commands Wide Open
YI Technology is known for its affordable car dashcams, but its model v3.88 is making headlines for all the wrong reasons. CVE-2024-56897 exposes a