CVE-2025-27915 - Stored XSS in Zimbra 9/10 Allows Email Hijack via Malicious ICS Files
A newly disclosed vulnerability, CVE-2025-27915, affects Zimbra Collaboration Suite (ZCS) versions 9., 10., and 10.1. Zimbra is a widely-used open-source email and collaboration platform
CVE-2025-25977 - Remote Code Execution in canvg v4..2 via StyleElement Constructor
A new critical security flaw, CVE-2025-25977, has been discovered in canvg, a popular JavaScript library for rendering SVGs on Canvas. This vulnerability affects version v4.
CVE-2025-27506 - Reflected XSS in NocoDB Password Reset Endpoint – How It Happened and Exploit Details
NocoDB is a powerful open-source tool that lets you build databases visually, much like working with a spreadsheet. It’s popular for managing information with
CVE-2025-27500 - Exploiting An Unauthenticated File Upload Vulnerability in OpenZiti Admin Panel
OpenZiti is a popular free and open-source project that focuses on bringing zero trust networking to any application or environment. As the project gained users
CVE-2025-0555 - How a Simple XSS in GitLab-EE Can Give Attackers Control
The world of cybersecurity is always on the move. In early 2025, a severe Cross-Site Scripting (XSS) vulnerability hit GitLab Enterprise Edition (GitLab-EE), tracked as
Episode
00:00:00
00:00:00