SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
Buffer Busted: FortiOS Users Urged to Patch Buffer Overflow Vulnerability
Fortinet disclosed a critical security vulnerability in its FortiOS operating system, tracked as CVE-2025-24477. The flaw is classified as CWE-122, a heap-based buffer overflow, and affects the cw_stad daemon, a core component responsible for wireless station management. This vulnerability enables exp...

CVE Research
NTLM Hijack: DNN Users Urged to Patch Critical Unicode Flaw
DotNetNuke (DNN), a widely used open-source content management system (CMS) built on the .NET framework, has a critical vulnerability. This flaw, CVE-2025-52488, allows attackers to hijack NTLM through a Unicode normalization bypass. This can lead to the theft of sensitive credentials, potentially c...

CVE Research
CISA Issues Warning: Ongoing Attacks Exploiting Ruby on Rails Path Traversal Bug
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning about an actively exploited path traversal vulnerability in the Ruby on Rails framework. Tracked as CVE-2019-5418, this flaw allows attackers to access arbitrary files on target servers. Given the active exploi...

CVE Research
Ivanti EPM Under Fire: How Attackers Can Steal Credentials and Access Your Data
Ivanti has recently addressed three high-severity vulnerabilities in its Endpoint Manager (EPM) software. These flaws could allow attackers to decrypt other users’ passwords or access sensitive database information if exploited. This blog post provides a detailed overview of these vulnerabilities an...

CVE Research
Bypassing Secure Boot: A Linux Initramfs Vulnerability (CVE-2016-4484)
Modern Linux systems implement layers of security, including Secure Boot, full-disk encryption, and bootloader passwords. However, a long-standing vulnerability in the Linux boot process—CVE-2016-4484—exposes a critical gap that allows attackers to bypass these protections by abusing the initramfs (...

CVE Research
Cisco Warns of Hardcoded Root SSH Credentials in Unified CM
A critical security vulnerability has been discovered in Cisco Unified Communications Manager (Unified CM), presenting a serious threat to organizations running impacted versions. Tracked as CVE-2025-20309 and carrying a maximum CVSS score of 10.0, the issue arises from hardcoded root credentials. T...

CVE Research
Vulnerability Management vs. Exposure Management: What’s the Difference
In the world of cybersecurity, there’s always a new buzzword, but some trends are more than just hype. Over the last couple of years, “exposure management” has been quietly gaining traction. While most organizations still rely on traditional vulnerability management to keep threats at bay, the reali...

CVE Research
What Might Be a Phishing Message?
Phishing remains one of the most common and dangerous cybersecurity threats facing individuals and organizations today. It’s often the entry point for more serious attacks, including ransomware, data theft, and business email compromise.

