CVE-2025-31644 - Exploiting Command Injection in F5 BIG-IP iControl REST and TMOS Shell (tmsh)
In June 2025, a critical vulnerability (CVE-2025-31644) was disclosed in F5 BIG-IP systems, specifically when running in Appliance mode. This flaw allows authenticated administrators to
CVE-2025-25014 - Prototype Pollution in Kibana Allows Remote Code Execution
In early 2025, a new high-impact vulnerability—CVE-2025-25014—was discovered in Kibana, the popular open-source data visualization tool that works with Elasticsearch. This bug, known
CVE-2025-2905 - XXE in WSO2 API Manager Gateway – Exploiting XML Path Injection for Data Theft and Denial of Service
Published: 2024-06-01
Severity: High
CVSS: 8.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/
CVE-2025-4166 - How HashiCorp Vault kv v2 Plugin Could Leak Secrets via API – Explained
Summary:
A new vulnerability, CVE-2025-4166, affects HashiCorp Vault users worldwide. Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may expose sensitive information
CVE-2025-46565 - The Vite Slash-Dot Bypass Vulnerability — How Dev Server Leaks Your Secret Files
Vite, the blazing-fast frontend tooling framework loved by modern JavaScript developers, recently faced a significant security flaw (CVE-2025-46565) that exposed sensitive files during development. Even