CVE-2025-0684 - Exploiting Grub2's ReiserFS Symlink Handling for Secure Boot Bypass
Discovered in early 2025, CVE-2025-0684 exposes a critical flaw in GRUB2's implementation of the ReiserFS filesystem. This vulnerability lets attackers craft malicious ReiserFS
CVE-2024-55532 - Formula Injection in Apache Ranger CSV Export—How Hackers Can Turn Your CSV Into Their Playground
In April 2024, a new vulnerability emerged for everyone who uses Apache Ranger: CVE-2024-55532. This flaw deals with something that sounds boring but can be
CVE-2025-25953 - Azure JWT Access Token Exposure in Serosoft Academia SIS EagleR v1..118
In early 2025, a critical security flaw labeled CVE-2025-25953 was discovered in the Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1..118.
CVE-2025-27142 - Critical Path Traversal and RCE Vulnerability in LocalSend (Pre-1.17.)
LocalSend is a popular, open-source application for secure, direct file and message transfers over local networks—no Internet required. It’s loved for its simplicity:
CVE-2025-23046 - How a Vulnerability in GLPI’s OauthIMAP Plugin Can Let Attackers Sneak Into Your IT Management System
GLPI is a popular open-source IT asset and service management tool that’s especially favored by sysadmins in businesses and schools. Security is key for