CVE-2025-48951 - Insecure Deserialization in Auth-PHP SDK — How Malicious Cookies Can Compromise Your PHP App
A serious vulnerability (CVE-2025-48951) has been discovered in Auth-PHP, an SDK used for authentication and user management with Auth. If your app uses Auth-PHP versions
CVE-2025-49113 - Remote Code Execution in Roundcube Webmail via Authenticated PHP Object Deserialization
CVE-2025-49113 is a critical vulnerability affecting Roundcube Webmail (before version 1.5.10 and 1.6.x before 1.6.11). If you’re running
CVE-2025-48828 - How a Simple Trick in vBulletin Template Conditionals Let Hackers Run Any PHP Code
In May 2025, a major security flaw surfaced in popular forum software vBulletin. The issue, tracked as CVE-2025-48828, allows hackers to run arbitrary PHP code
CVE-2025-48827 - How Hackers Bypassed vBulletin API Protections (With Exploit Details)
---
If you run a vBulletin forum, this is for you. In May 2025, security researchers found a critical vulnerability (CVE-2025-48827) affecting vBulletin 5.. – 5.
CVE-2025-35939 - How Unauthenticated Users Could Inject Content into Craft CMS Session Files
*Published: June 2024*
Craft CMS is a widely used content management system for building flexible websites and digital experiences. But recently, a serious vulnerability (tracked
Episode
00:00:00
00:00:00