As part of our ongoing research and consulting efforts, we frequently discover vulnerabilities in third-party products. Committed to enhancing the security of the digital ecosystem, we publish detailed security advisories according to our vulnerability disclosure policy. You can find the full security advisories with complete details in our GitHub repository.
Below is an overview of our latest security advisories:
- Filebrowser Insecure File Permissions (CVE-2025-52900)
- Cyberduck and Mountain Duck – Weak Hash Algorithm for Certificate Fingerprint (CVE-2025-41256)
- Cyberduck and Mountain Duck – Improper Certificate Store Handling (CVE-2025-41255)
- Null pointer dereference in MediaTek Modem (CVE-2025-20647)
- Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page (CVE-2024-13919)
- Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page (CVE-2024-13918)
- MediaTek Modem – Selection of less-secure algorithm during negotiation ‘algorithm downgrade’ (CVE-2024-20069)
- ZTE ZXUN-ePDG – Use of non-unique cryptographic keys under default configuration (CVE-2024-22064)