CVE-2025-26620 - Race Condition Vulnerability in Duende.AccessTokenManagement for .NET
CVE-2025-26620 is a newly disclosed vulnerability affecting the Duende.AccessTokenManagement library for .NET, which is widely used for managing OAuth and OpenID Connect access tokens.
CVE-2025-0516 - Exploiting Improper Authorization in GitLab CE/EE - How Limited Users Gain Unauthorized Access to Critical Project Data
On January 18, 2025, GitLab published an advisory for CVE-2025-0516, which discloses a serious improper authorization vulnerability in both GitLab Community Edition (CE) and Enterprise
CVE-2025-1061 - Authentication Bypass Vulnerability in Nextend Social Login Pro Lets Attackers Impersonate Any WordPress User
In early 2025, a critical vulnerability was discovered in the popular Nextend Social Login Pro plugin for WordPress. Tracked as CVE-2025-1061, this flaw impacts plugin
CVE-2024-1211 - GitLab JWT OmniAuth CSRF Vulnerability Explored
If your organization uses GitLab for source control and has enabled JWT as an OmniAuth provider, you may be at risk of a newly disclosed
CVE-2025-22610 - Unauthorized Access to OAuth Secrets in Coolify (Explained and Exploited)
Coolify is an open-source and self-hostable platform that helps developers manage servers, applications, and databases—kind of like your all-in-one digital Swiss Army knife. But