CVE-2025-1128 - Everest Forms WordPress Plugin Vulnerability—How Hackers Can Upload, Read, and Delete Any File on Your Site
In early 2025, security researchers disclosed a severe vulnerability—CVE-2025-1128—affecting the widely used Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder
CVE-2025-1063 - Exploiting Sensitive Data Exposure in The Classified Listing – Classified Ads & Business Directory Plugin for WordPress (Up to v4..4)
WordPress powers millions of websites, and plugins bring essential features to site owners. But what happens when a plugin has a vulnerability that leaks sensitive
CVE-2025-1646 - Critical Unrestricted File Upload Vulnerability in Lumsoft ERP 8 (ASPX File Handler Exploit Guide)
A new critical security vulnerability has been identified in Lumsoft ERP 8, impacting the /Api/TinyMce/UploadAjaxAPI.ashx endpoint. This vulnerability, tracked as CVE-2025-1646, allows
CVE-2025-27144 - Denial of Service in Go JOSE Due to Excessive Memory Usage on Malicious JWT Input
Go JOSE is a popular Go library that makes dealing with JWT, JWE, and JWS standards easy and safe. However, if you are using version
CVE-2025-27364 - RCE in MITRE Caldera Through Agent Compilation API (Full Exploit and Deep Dive)
If you run MITRE Caldera, especially versions through 4.2. and 5.. before commit 35bc06e, you should know about a critical Remote Code Execution (RCE)
Episode
00:00:00
00:00:00