CVE-2025-46727 - Rack’s QueryParser Parameter Bomb (Denial-of-Service Vulnerability)
A new, critical vulnerability has been discovered in the Rack Ruby web server interface, identified as CVE-2025-46727. This vulnerability can cause denial-of-service (DoS) on any
CVE-2025-35939 - How Unauthenticated Users Could Inject Content into Craft CMS Session Files
*Published: June 2024*
Craft CMS is a widely used content management system for building flexible websites and digital experiences. But recently, a serious vulnerability (tracked
CVE-2025-31644 - Exploiting Command Injection in F5 BIG-IP iControl REST and TMOS Shell (tmsh)
In June 2025, a critical vulnerability (CVE-2025-31644) was disclosed in F5 BIG-IP systems, specifically when running in Appliance mode. This flaw allows authenticated administrators to
CVE-2025-20188 - How Unauthenticated File Upload in Cisco IOS XE WLCs Puts Your Network at Risk
In June 2024, a critical security vulnerability, CVE-2025-20188, was uncovered in the Out-of-Band AP Image Download feature of Cisco IOS XE Software running on Wireless
CVE-2025-4372 - Exploiting Use-After-Free in WebAudio on Google Chrome (Pre-136..7103.92)
In early 2025, a new Chrome vulnerability was disclosed: CVE-2025-4372. This bug allows remote attackers to corrupt the heap by exploiting a Use-After-Free (UAF) flaw