CVE-2024-43710 - Simple Guide to Exploiting SSRF in Kibana’s `/api/fleet/health_check` API
A new server-side request forgery (SSRF) bug, CVE-2024-43710, was discovered in Kibana—the popular open-source data visualization tool for Elasticsearch. This vulnerability lets attackers
CVE-2025-24030 - Path Traversal Attack in Envoy Gateway's Envoy Admin Interface (<= v1.2.5) — Exploit Details, Impact, and Mitigation
Envoy Gateway is a popular open-source platform for managing Envoy Proxy as an API or application gateway, either standalone or within Kubernetes clusters. It simplifies
CVE-2025-23047 - Sensitive Data Exposure in Cilium Hubble UI via Insecure CORS Settings
CVE-2025-23047 is a recently disclosed security vulnerability affecting Cilium, a widely used networking, observability, and security solution for containerized environments like Kubernetes. The issue involves insecure
CVE-2025-24403 - Exploiting Missing Permission Checks in Jenkins Azure Service Fabric Plugin (<= 1.6)
In February 2025, a security flaw was discovered in the Jenkins Azure Service Fabric Plugin (version 1.6 and earlier). Identified as CVE-2025-24403, this vulnerability
CVE-2025-24397 - How an Incorrect Permission Check in Jenkins GitLab Plugin Leaks Credential IDs
On March 18, 2025, CVE-2025-24397 was published, spotlighting a serious security issue in the widely used Jenkins GitLab Plugin. This vulnerability affects versions 1.9.