CVE-2024-12224 - How Improper Validation in idna (Rust's punycode crate) Opens the Door to Hostname Confusion Attacks
In early 2024, security researchers uncovered a vulnerability—CVE-2024-12224—affecting the idna crate, which is a crucial part of Rust's popular rust-url library.
CVE-2025-4123 - Chained Path Traversal & Open Redirect Leads to XSS & SSRF in Grafana
A newly identified security flaw, CVE-2025-4123, exposes the popular monitoring dashboard Grafana to risk of both cross-site scripting (XSS) and server-side request forgery (SSRF) attacks.
CVE-2024-9771 - How a Stored XSS in WP-Recall Plugin Let Admins Attack WordPress Sites Even Without “Unfiltered HTML”
A significant security bug, tracked as CVE-2024-9771, was discovered in the popular WP-Recall WordPress plugin. This vulnerability affects all versions before 16.26.12. What
CVE-2024-41446 - Stored XSS Vulnerability in Alkacon OpenCMS v17. — How Attackers Can Steal Your Session
A critical security bug, CVE-2024-41446, has been discovered in Alkacon OpenCMS v17.—a popular open-source content management system. This vulnerability allows hackers to run any
CVE-2025-24358 - Critical CSRF Protection Bypass in gorilla/csrf (Go)
gorilla/csrf is a popular middleware library that prevents Cross Site Request Forgery (CSRF) attacks in Go web apps and services. If you’re using
Episode
00:00:00
00:00:00