CVE-2025-31650 - Memory Leak and Denial of Service in Apache Tomcat via Broken HTTP Priority Headers
A newly disclosed vulnerability with the identifier CVE-2025-31650 has been discovered in Apache Tomcat, one of the most widely used Java web servers in the
CVE-2025-22235 - Security Bypass in Spring Security EndpointRequest.to() When Endpoint is Disabled or Not Exposed
In early 2025, a new vulnerability was assigned as CVE-2025-22235, affecting applications that rely on Spring Security to protect application endpoints. This particular weakness is
CVE-2025-31324 - SAP NetWeaver Visual Composer Metadata Uploader Unauthenticated File Upload – Deep Dive and Exploit
Summary:
A new vulnerability, CVE-2025-31324, has been identified in SAP NetWeaver Visual Composer. This flaw allows anyone—without any login or authentication—to upload files,
CVE-2025-27820 - How a Tiny Bug in Apache HttpClient 5.4.x Broke Cookie Security and Hostname Checks
In early 2025, the Apache HttpClient team uncovered a subtle but critical bug in their popular HTTP communication library, culminating in the vulnerability tracked as
CVE-2024-41446 - Stored XSS Vulnerability in Alkacon OpenCMS v17. — How Attackers Can Steal Your Session
A critical security bug, CVE-2024-41446, has been discovered in Alkacon OpenCMS v17.—a popular open-source content management system. This vulnerability allows hackers to run any