CVE-2025-4427 - How Attackers Can Bypass API Authentication in Ivanti Endpoint Manager Mobile 12.5.. (and Older)
Ivanti Endpoint Manager Mobile (EPMM) is widely used by companies to manage devices and enforce security. But on June 4th, 2025, a major vulnerability was
CVE-2025-31258 - How a macOS Sandbox Escape Was Fixed in Sequoia 15.5
In early 2025, Apple patched a serious security vulnerability impacting the macOS operating system. Tracked as CVE-2025-31258, this bug could have allowed a malicious app
CVE-2025-31644 - Exploiting Command Injection in F5 BIG-IP iControl REST and TMOS Shell (tmsh)
On June 2025, a critical vulnerability (CVE-2025-31644) was disclosed in F5 BIG-IP systems, specifically when running in Appliance mode. This flaw allows authenticated administrators to
CVE-2025-25014 - Prototype Pollution in Kibana Allows Remote Code Execution
In early 2025, a new high-impact vulnerability—CVE-2025-25014—was discovered in Kibana, the popular open-source data visualization tool that works with Elasticsearch. This bug, known
CVE-2025-2905 - XXE in WSO2 API Manager Gateway – Exploiting XML Path Injection for Data Theft and Denial of Service
Published: 2024-06-01 <br>Severity: High <br>CVSS: 8.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/
Episode
00:00:00
00:00:00