CVE-2024-11931 - Exfiltrating GitLab Protected CI Variables via CI Lint (A Simple Guide With Exploit Details)
In February 2024, a critical vulnerability (CVE-2024-11931) was found affecting multiple versions of GitLab Community Edition (CE) and Enterprise Edition (EE). If you care about
CVE-2023-27112 - SQL Injection in pearProjectApi v2.8.10 (project.php `projectCode` Parameter) Explored
In early 2023, a serious vulnerability was discovered in the popular open-source tool pearProjectApi, version 2.8.10. This post dives into CVE-2023-27112, an SQL
CVE-2023-27113 - SQL Injection in pearProjectApi v2.8.10 via organizationCode (project.php) – A Deep Dive
In early 2023, a critical SQL injection vulnerability was discovered in the popular PHP project management tool, pearProjectApi (version 2.8.10). Tracked as CVE-2023-27113,
CVE-2025-24011 - Information Disclosure in Umbraco CMS UserExistance via API Timing Attack
In June 2025, a new vulnerability has been disclosed for the Umbraco .NET content management system (CMS), tracked as CVE-2025-24011. This issue affects all releases
CVE-2025-22710 - Blind SQL Injection in StoreApps Smart Manager (Up to v8.52.) – Deep Dive and Exploit Example
Published: June 2024
CVE: CVE-2025-22710
Affected Product: StoreApps Smart Manager (for WooCommerce)
Vulnerable Versions: All versions up to and including 8.52.
Vulnerability Type: Blind
Episode
00:00:00
00:00:00