CVE-2025-47273 - Critical Path Traversal in setuptools Before 78.1.1 — Exploiting Python Package Management
Published: June 2024
Severity: High
Component: setuptools (before 78.1.1)
Exploit Type: Path Traversal (Write Arbitrary Files / Possible Remote Code Execution)
Introduction
Python developers
CVE-2025-22233 - Bypassing disallowedFields Checks in Spring Framework Data Binding
A new vulnerability, CVE-2025-22233, has been discovered in the Spring Framework. This issue is a follow-up to CVE-2024-38820, which tried to make sure both parameter
CVE-2025-47287 - Denial-of-Service via Log Flood in Tornado's `multipart/form-data` Parser
A new high-impact vulnerability has been uncovered in Tornado, the popular Python web framework and async networking library. Tracked as CVE-2025-47287, this flaw allows a
CVE-2025-4664 - How a Chrome Loader Bug Let Attackers Leak Cross-Origin Data (Exploit & Analysis)
Insufficient policy enforcement bugs can be the secret doorways for web attackers. CVE-2025-4664 concerns a serious flaw in Google Chrome’s Loader component, fixed in
CVE-2025-32709 - Exploiting Use-After-Free in Windows Ancillary Function Driver for WinSock (AFD.sys) for Local Privilege Escalation
On April 10, 2025, a new local privilege escalation vulnerability was uncovered in Microsoft Windows' core network subsystem, specifically in the Ancillary Function Driver