CVE-2025-13836 - HTTP Client Memory Exhaustion Vulnerability Explained
HTTP clients are everywhere—web browsers, API clients, bots. But sometimes, an overlooked default can open the door for attackers. CVE-2025-13836 highlights one of these
CVE-2025-66035 - XSRF Token Leak in Angular via Protocol-Relative URLs
A new critical vulnerability—CVE-2025-66035—has been found in Angular’s popular HttpClient, affecting versions prior to 19.2.16, 20.3.14, and 21.
CVE-2025-58360 - How an XXE Flaw in GeoServer Exposed Sensitive Data Via GetMap Requests
GeoServer, the popular open-source geospatial server, is often used by organizations to share and visualize spatial data. In early 2025, security researchers discovered a new
CVE-2025-11931 - Integer Underflow in XChaCha20-Poly1305 Decrypt Leads to Out-of-Bounds Access
A new vulnerability, CVE-2025-11931, has been discovered in the implementation of XChaCha20-Poly1305 in several open-source cryptographic libraries. This bug specifically affects direct uses of the
CVE-2025-41115 - Exploiting SCIM Provisioning in Grafana to Impersonate and Elevate Privileges
In April, Grafana introduced SCIM provisioning via Grafana Enterprise and Grafana Cloud. The intention was to help organizations automate user management—handling onboarding, offboarding, and
Episode
00:00:00
00:00:00