CVE-2025-25614 - Privilege Escalation in Unifiedtransform 2. via Incorrect Access Control

Unifiedtransform is a popular open-source school management and examination platform, used by educational institutions worldwide. But in early 2025, a security issue—now indexed as
            
    
CVE-2025-27636 - Exploiting Method Invocation Injection in Apache Camel-Bean Component

Published: 2025-02-29
Severity: High (Bypass/Injection)
Affected Packages: apache-camel (see Advisory)
Patched in: 4.10.2 (4.10.x LTS), 4.8.5 (4.8.
            
    
CVE-2024-11957 - Breaking Down an Unpatched Digital Signature Bug in Kingsoft WPS Office (ksojscore.dll) Enabling Arbitrary DLL Loading

Kingsoft WPS Office is a widely-used productivity suite that's especially popular in China and among users who want a free alternative to Microsoft
            
    
CVE-2025-1695 - NGINX Unit Java Module Vulnerability Could Trigger CPU Spikes and Limited DoS

Published: June 2024
Severity: Medium
Affected Product: NGINX Unit (Java Language Module)
Versions Impacted: Before 1.34.2
In this post, we'll dig
            
    
CVE-2025-27221 - How Ruby’s URI Gem Leaks Authentication Credentials—Vulnerability Details, Exploit, and Fixes

In early 2025, a critical vulnerability was discovered in the widely-used URI gem for Ruby, listed as CVE-2025-27221. This issue affects all versions before 1.
            