CVE-2025-11931 - Integer Underflow in XChaCha20-Poly1305 Decrypt Leads to Out-of-Bounds Access
A new vulnerability, CVE-2025-11931, has been discovered in the implementation of XChaCha20-Poly1305 in several open-source cryptographic libraries. This bug specifically affects direct uses of the
CVE-2025-41115 - Exploiting SCIM Provisioning in Grafana to Impersonate and Elevate Privileges
In April, Grafana introduced SCIM provisioning via Grafana Enterprise and Grafana Cloud. The intention was to help organizations automate user management—handling onboarding, offboarding, and
CVE-2025-64660 - Remote Code Execution in GitHub Copilot and VS Code Due to Improper Access Control
In early 2025, a serious security vulnerability, CVE-2025-64660, was discovered impacting GitHub Copilot and Visual Studio Code (VS Code). This issue centers on *improper access
CVE-2025-11001 - 7-Zip ZIP File Directory Traversal RCE Explained (with Exploit Details)
In early 2025, a new critical vulnerability was identified in the widely used 7-Zip compression software. Tracked as CVE-2025-11001 (formerly ZDI-CAN-26753), this flaw allows an
CVE-2025-58034 - Exploiting OS Command Injection in Fortinet FortiWeb (Full Guide & Code Examples)
A recently disclosed vulnerability, CVE-2025-58034, is shaking up the world of Fortinet users. This critical flaw, categorized as CWE-78: Improper Neutralization of Special Elements used