CVE-2025-2905 - XXE in WSO2 API Manager Gateway – Exploiting XML Path Injection for Data Theft and Denial of Service
Published: 2024-06-01 <br>Severity: High <br>CVSS: 8.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/
CVE-2025-3501 - How a Misconfigured Policy in Keycloak Skips Trust Store Verification (Full Analysis & Exploit Demo)
Keycloak is a widely used open-source identity and access management solution. It helps secure apps by handling login, SSO, role-based access controls, and more. In
CVE-2025-31650 - Memory Leak and Denial of Service in Apache Tomcat via Broken HTTP Priority Headers
A newly disclosed vulnerability with the identifier CVE-2025-31650 has been discovered in Apache Tomcat, one of the most widely used Java web servers in the
CVE-2025-31651 - Exploiting Rewrite Rule Bypass in Apache Tomcat — Details, Demo, and Defense
Apache Tomcat is one of the world’s most popular Java web servers. This spring, security researchers found a serious flaw — CVE-2025-31651 — that affects how
CVE-2025-22235 - Security Bypass in Spring Security EndpointRequest.to() When Endpoint is Disabled or Not Exposed
In early 2025, a new vulnerability was assigned as CVE-2025-22235, affecting applications that rely on Spring Security to protect application endpoints. This particular weakness is
Episode
00:00:00
00:00:00