CVE-2025-13836 - HTTP Client Memory Exhaustion Vulnerability Explained
HTTP clients are everywhere—web browsers, API clients, bots. But sometimes, an overlooked default can open the door for attackers. CVE-2025-13836 highlights one of these
CVE-2025-66035 - XSRF Token Leak in Angular via Protocol-Relative URLs
A new critical vulnerability—CVE-2025-66035—has been found in Angular’s popular HttpClient, affecting versions prior to 19.2.16, 20.3.14, and 21.
CVE-2025-58360 - How an XXE Flaw in GeoServer Exposed Sensitive Data Via GetMap Requests
GeoServer, the popular open-source geospatial server, is often used by organizations to share and visualize spatial data. In early 2025, security researchers discovered a new
CVE-2025-11932 - How a Non-Constant Time PSK Binder Leak Can Break Your TLS 1.3 Security
CVE-2025-11932 is a newly disclosed vulnerability affecting certain TLS 1.3 server implementations. The issue? The server used a non-constant time method to verify the
CVE-2025-11931 - Integer Underflow in XChaCha20-Poly1305 Decrypt Leads to Out-of-Bounds Access
A new vulnerability, CVE-2025-11931, has been discovered in the implementation of XChaCha20-Poly1305 in several open-source cryptographic libraries. This bug specifically affects direct uses of the