CVE-2025-31123 - How Zitadel’s Expired JWT Keys Allowed Token Theft (With Exploit Guide)
Zitadel, the open-source identity infrastructure, has recently patched a critical flaw: CVE-2025-31123. This bug meant attackers could use *expired* JWT keys to claim fresh access
CVE-2024-2321 - Bypassing API Access Security in WSO2 Using Just a Refresh Token
---
WSO2 is a popular platform used by businesses and developers to manage APIs, identity, and access. If you’re running WSO2 API Manager, Identity
CVE-2024-12368 - How Odoo’s auth_oauth Module Exposed User OAuth Tokens (With Exploit Details)
CVE-2024-12368 is a critical vulnerability affecting Odoo Community 15. and Odoo Enterprise 15.. At the core of this vulnerability is improper access control in the
CVE-2025-26620 - Race Condition Vulnerability in Duende.AccessTokenManagement for .NET
CVE-2025-26620 is a newly disclosed vulnerability affecting the Duende.AccessTokenManagement library for .NET, which is widely used for managing OAuth and OpenID Connect access tokens.
CVE-2025-0516 - Exploiting Improper Authorization in GitLab CE/EE - How Limited Users Gain Unauthorized Access to Critical Project Data
On January 18, 2025, GitLab published an advisory for CVE-2025-0516, which discloses a serious improper authorization vulnerability in both GitLab Community Edition (CE) and Enterprise