CVE-2025-27407 - Remote Code Execution in graphql-ruby via `from_introspection` Schema Loading
A critical vulnerability was discovered in graphql-ruby, the popular Ruby library for implementing GraphQL APIs. If your application uses certain versions of graphql-ruby, attackers could
CVE-2025-25711 - Privilege Escalation in dtp.ae tNexus Airport View v2.8 via ProfileID Injection
---
Intro
A new vulnerability, CVE-2025-25711, has been discovered in the popular airport management software, dtp.ae tNexus Airport View v2.8. The flaw lets
CVE-2025-21846 - Linux Kernel acct(2) NULL Pointer Dereference Vulnerability Explained
A new Linux kernel vulnerability, CVE-2025-21846, was recently identified and resolved. The bug existed in the implementation of the acct(2) system call—a legacy
CVE-2025-2233 - Samsung SmartThings Hub API Authentication Bypass Explained
Warning: A recent vulnerability, tracked as CVE-2025-2233, puts some Samsung SmartThings devices at risk of attack. If you have a SmartThings Hub, this long-read will
CVE-2025-28886 - Understanding and Exploiting the CSRF Vulnerability in xjb REST API TO MiniProgram (Versions through 4.7.1)
---
Introduction
A critical security vulnerability, tracked as CVE-2025-28886, has been found in the popular xjb REST API TO MiniProgram. This flaw involves a Cross-Site
Episode
00:00:00
00:00:00