CVE-2025-4918 - Exploiting Out-of-Bounds Read/Write on JavaScript Promise in Firefox and Thunderbird
A critical security vulnerability—CVE-2025-4918—was found in Mozilla Firefox and Thunderbird affecting how JavaScript Promise objects are handled. This flaw lets attackers perform out-of-bounds
CVE-2025-47273 - Critical Path Traversal in setuptools Before 78.1.1 — Exploiting Python Package Management
Published: June 2024
Severity: High
Component: setuptools (before 78.1.1)
Exploit Type: Path Traversal (Write Arbitrary Files / Possible Remote Code Execution)
Introduction
Python developers
CVE-2025-22233 - Bypassing disallowedFields Checks in Spring Framework Data Binding
A new vulnerability, CVE-2025-22233, has been discovered in the Spring Framework. This issue is a follow-up to CVE-2024-38820, which tried to make sure both parameter
CVE-2025-4802 - How Untrusted LD_LIBRARY_PATH in glibc Can Lead to Privilege Escalation in Setuid Binaries
In early 2025, security researchers uncovered a critical vulnerability in the GNU C Library (glibc), tracked as CVE-2025-4802. This flaw affects glibc versions 2.27