CVE-2025-48493 - Sensitive Redis AUTH Credentials Logged in Plain Text by Yii2 Redis Extension
If you build web applications using the PHP Yii2 framework, you might use the Yii2 Redis extension to connect your app to a Redis database.
CVE-2025-48951 - Insecure Deserialization in Auth-PHP SDK — How Malicious Cookies Can Compromise Your PHP App
A serious vulnerability (CVE-2025-48951) has been discovered in Auth-PHP, an SDK used for authentication and user management with Auth. If your app uses Auth-PHP versions
CVE-2025-49113 - Remote Code Execution in Roundcube Webmail via Authenticated PHP Object Deserialization
CVE-2025-49113 is a critical vulnerability affecting Roundcube Webmail (before version 1.5.10 and 1.6.x before 1.6.11). If you’re running
CVE-2025-48828 - How a Simple Trick in vBulletin Template Conditionals Let Hackers Run Any PHP Code
In May 2025, a major security flaw surfaced in popular forum software vBulletin. The issue, tracked as CVE-2025-48828, allows hackers to run arbitrary PHP code
CVE-2025-48827 - How Hackers Bypassed vBulletin API Protections (With Exploit Details)
---
If you run a vBulletin forum, this is for you. In May 2025, security researchers found a critical vulnerability (CVE-2025-48827) affecting vBulletin 5.. – 5.
Episode
00:00:00
00:00:00