Latest Episodes
[CVE-2026-23498] Shopware vulnerability
Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and array crafted PHP Closure...
[CVE-2026-23478] Authentication Bypass via Unvalidated Email in Custom JWT Callback
Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to...
[CVE-2025-69264] pnpm v10+ Bypass "Dependency lifecycle scripts execution disabled by default"
A security bypass vulnerability in pnpm v10+ allows git-hosted dependencies to execute arbitrary code during pnpm install, circumventing the v10 security feature "Dependency lifecycle...
The Apache Software Foundation has released Apache HTTP Server 2.4.66.
The Apache Software Foundation has released Apache HTTP Server 2.4.66 to address multiple vulnerabilities in the Apache HTTP Server 2.4 series.
Information Disclosure Vulnerability in MongoDB (CVE-2025-14847)
On December 19, 2025, MongoDB disclosed information regarding a vulnerability (CVE-2025-14847) in MongoDB involving information disclosure from uninitialized heap memory. If exploited, an unauthenticated...