CVE-2026-22182 - Exploiting wpDiscuz’s Notification Flood Vulnerability (DoS) in WordPress
If you’re using the wpDiscuz plugin for WordPress (any version before 7.6.47), your website could be at risk of a denial of service
CVE-2026-28697 - Remote Code Execution in Craft CMS via Twig SSTI and Malicious File Write
Craft CMS is a popular, flexible content management system used by designers and developers to build websites. In June 2026, a significant security flaw was
CVE-2025-66035 - XSRF Token Leak in Angular via Protocol-Relative URLs
A new critical vulnerability—CVE-2025-66035—has been found in Angular’s popular HttpClient, affecting versions prior to 19.2.16, 20.3.14, and 21.
CVE-2025-64149 - Exploiting CSRF in Jenkins Publish to Bitbucket Plugin to Steal Credentials
A new vulnerability has been discovered in the hugely popular Jenkins automation server. This bug, CVE-2025-64149, affects the _Publish to Bitbucket Plugin_ version .4 and
CVE-2025-58794 - Understanding and Exploiting CSRF in the “Notification for Telegram” Plugin (<= 3.5)
Rainafarai’s Notification for Telegram plugin is a popular solution for sending alerts from WordPress to Telegram. However, in early 2025, a major security flaw