David Wilson is a security researcher specializing in network vulnerabilities. With a background in systems architecture, he analyzes emerging threats and documents technical findings.
SQLi
Alright folks, grab your coffee (or your preferred caffeinated beverage) because we're diving into a nasty vulnerability that hit the popular open-source wiki platform, XWiki. CVE-2025-32969 isn't just another bug; it's an unauthenticated SQL injection vulnerability lurking in the REST API. This means anyone
RCE
Executive Summary CVE-2024-53305 describes a critical vulnerability in Whoogle Search, specifically version 0.9.0. This vulnerability allows an attacker to execute arbitrary code by crafting a malicious search query. The root cause lies in the insecure deserialization of configuration data, which can be manipulated through a specially crafted search
Executive Summary CVE-2025-32428 describes a security vulnerability in jupyter-remote-desktop-proxy version 3.0.0. When configured with TigerVNC, the VNC server was unintentionally accessible via the network, rather than solely through a UNIX socket as intended. This could allow unauthorized network access to the VNC server. The vulnerability is resolved in
RCE
Executive Summary CVE-2024-12029 is a critical remote code execution (RCE) vulnerability affecting InvokeAI versions 5.3.1 through 5.4.2. This vulnerability stems from the unsafe deserialization of model files using torch.load without proper validation within the /api/v2/models/install API endpoint. An attacker can exploit this
RCE
Executive Summary CVE-2025-27520 is a critical vulnerability affecting BentoML, a Python library for building AI application serving systems. This vulnerability allows unauthenticated attackers to execute arbitrary code on the server due to insecure deserialization of untrusted data. Specifically, the vulnerability resides in the serde.py module and is triggered when
Identity
Executive Summary CVE-2025-29928 describes a critical vulnerability in authentik, an open-source identity provider. When authentik is configured to use database session storage (a non-default configuration), deleting user sessions through the web interface or API does not effectively revoke those sessions. Consequently, users whose sessions should have been terminated retain unauthorized
SQLi
Executive Summary CVE-2025-30367 is a critical SQL Injection vulnerability affecting WeGIA, a web manager for charitable institutions. The vulnerability resides in the nextPage parameter of the /WeGIA/controle/control.php endpoint. Unauthenticated attackers can exploit this flaw to manipulate SQL queries, potentially gaining access to sensitive database information, including table
Kubernetes
Introduction On March 24, 2025, a set of critical security vulnerabilities known collectively as "IngressNightmare" were disclosed in the Ingress NGINX Controller for Kubernetes. These vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974) affect the admission controller component and could allow attackers to execute code remotely without authentication. This technical
Web
Executive Summary CVE-2025-29914 describes a vulnerability in OWASP Coraza Web Application Firewall (WAF) versions prior to 3.3.3. This vulnerability arises from a parser confusion issue when handling URIs that begin with double slashes (//). Due to this confusion, the REQUEST_FILENAME variable, which is crucial for rule matching, is
jwt
Executive Summary CVE-2025-30144 describes a critical vulnerability within the fast-jwt Node.js library, a popular package used for fast JSON Web Token (JWT) implementation. Versions prior to 5.0.6 are affected. The vulnerability stems from an improper validation of the iss (issuer) claim, as defined in RFC 7519. Specifically,
SQLi
Executive Summary CVE-2025-27018 is a critical SQL Injection vulnerability affecting Apache Airflow MySQL Provider versions prior to 6.2.0. This vulnerability arises from the improper neutralization of special elements within SQL commands used by the dump_sql and load_sql functions. An attacker could exploit this flaw by injecting
Containerd
Executive Summary CVE-2024-40635 is a vulnerability affecting containerd, a widely used open-source container runtime. This vulnerability stems from an integer overflow in the handling of User IDs (UIDs) and Group IDs (GIDs) when launching containers. Specifically, if a container is launched with a user specified as UID:GID where either