CVE-2025-25953 - Azure JWT Access Token Exposure in Serosoft Academia SIS EagleR v1..118
In early 2025, a critical security flaw labeled CVE-2025-25953 was discovered in the Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1..118.
CVE-2025-27142 - Critical Path Traversal and RCE Vulnerability in LocalSend (Pre-1.17.)
LocalSend is a popular, open-source application for secure, direct file and message transfers over local networks—no Internet required. It’s loved for its simplicity:
CVE-2025-23046 - How a Vulnerability in GLPI’s OauthIMAP Plugin Can Let Attackers Sneak Into Your IT Management System
GLPI is a popular open-source IT asset and service management tool that’s especially favored by sysadmins in businesses and schools. Security is key for
CVE-2025-27218 - Critical Remote Code Execution in Sitecore XM/XP 10.4 via Insecure Deserialization
Sitecore is a popular enterprise-grade content management system used by organizations worldwide. In March 2025, a serious vulnerability was identified in Sitecore Experience Manager (XM)
CVE-2025-24989 - Power Pages Improper Access Control Flaw Explained, With Exploit Details
In early 2025, security researchers found an improper access control vulnerability in Microsoft's Power Pages platform, tracked as CVE-2025-24989. This issue allowed unauthorized
Episode
00:00:00
00:00:00