ZeroPath Labs (@zeropathlabs)'s Twitter Profile
ZeroPath Labs

@zeropathlabs

Security Research Team @zeropathai

ID: 1901759841724719104

Link: http://zeropath.com | Date: 17-03-2025 22:17:37

2 Tweet

11 Followers

3 Following

Mattermost OAuth State Token Validation Flaw CVE-2025-12419 lets attackers bypass OAuth checks in Mattermost. This critical bug allows full account takeover via forged state tokens. For more details, read ZeroPath's blog on this vuln. #AppSec #InfoSec #Mattermost

Mattermost CVE-2025-12421: Critical SSO Flaw A critical SSO code exchange bug in Mattermost lets attackers take over accounts. Patch ASAP to secure your teams. For more details, read ZeroPath's blog on this vuln. #AppSec #InfoSec #SSO zeropath.com/blog/mattermos…

Keras CVE-2025-12060: Path Traversal Flaw A critical path traversal bug in Keras lets attackers access files outside intended directories. Patch ASAP to stay secure. For more details, read ZeroPath's blog on this vuln. #AppSec #MLSecurity #InfoSec zeropath.com/blog/cve-2025-…

Avast Antivirus CVE-2025-3500: Integer Overflow A new integer overflow in Avast Antivirus could allow privilege escalation. Patch ASAP if you use Avast in your environment. For more details, read ZeroPath's blog on this vuln. #AppSec #InfoSec #Vulnerability

Avast Antivirus for macOS: CVE-2025-8351 A heap-based buffer overflow and out-of-bounds read vulnerability puts users at risk of code execution and data leaks. Patch as soon as you can. For more details, read ZeroPath's blog on this vuln. #AppSec #InfoSec

IBM Informix Dynamic Server: Local Auth Bypass Issue CVE-2024-45675 allows local attackers to bypass authentication on Windows systems. Patch ASAP if you rely on Informix for critical data. For more details, read ZeroPath's blog on this vuln. #AppSec #InfoSec

vLLM RCE via Model Config Auto-Mapping: CVE-2025-66448 Attackers can trigger remote code execution in vLLM through unsafe model config mapping in unpatched versions. Patch ASAP. For more details, read ZeroPath's blog on this vuln. #AppSec #MachineLearning #InfoSec

SureMail WordPress Plugin: Unrestricted File Upload Vulnerability CVE-2025-13516 in SureMail allows attackers to upload malicious files without restriction. Sites running this plugin should update now. For more details, read ZeroPath's blog on this vuln. #WordPress #AppSec

AI Finds 8 New FFmpeg Vulnerabilities ZeroPath researchers used AI to autonomously discover 8 vulnerabilities in FFmpeg. Automation is accelerating vulnerability discovery in key open source projects. For more details, read ZeroPath's blog on this vuln. #AppSec #AI

7 FFmpeg Vulnerabilities Uncovered by AI Our latest research uses AI to autonomously discover 7 new vulnerabilities in FFmpeg. For more details, read ZeroPath's blog on this vuln. #AppSec #CyberSecurity #AI zeropath.com/blog/autonomou…

Openclaw (Clawdbot) Vulnerability Alert Malicious websites can exploit Openclaw to steal user credentials through crafted payloads. Tighten browser security and check configs. For more details, read ZeroPath's blog on this vuln. #AppSec #CyberSecurity #InfoSec

ZeroPath Exploit Development CTFs Looking to sharpen your exploit dev skills? ZeroPath runs hands-on CTFs focused on real-world vulnerabilities and practical techniques. For more details, read ZeroPath's blog on this vuln. #AppSec #ExploitDev #InfoSec zeropath.com/blog/zeropath-…

Why Commenda Chose ZeroPath for Security Commenda picked ZeroPath to protect their global tax platform, citing our deep expertise in risk assessment and proactive threat detection. For more details, read ZeroPath's blog on this vuln. #AppSec #CyberSecurity #InfoSec

Scaling AppSec at Aptos Labs: AI SAST for Rust Aptos Labs is securing over 1M lines of Rust code with AI-powered SAST, enabling rapid detection of bugs and vulnerabilities at scale. For more details, read ZeroPath's blog on this vuln. #AppSec #Rust #AI zeropath.com/blog/aptos-lab…

Best SAST Tools for 2026: What to Know Choosing the right SAST tool is tough. We break down the top 7 for AppSec teams and CISOs, comparing features and use cases. For more details, read ZeroPath's blog on this vuln. #AppSec #DevSecOps #SAST zeropath.com/blog/best-sast…

36 Sudo Bug Fixes Reduce CrackArmor Impact ZeroPath uncovered that 36 recent Sudo patches directly limit CrackArmor exploitation routes. For more details, read ZeroPath's blog on this vuln. #AppSec #Linux #InfoSec zeropath.com/blog/sudo-bug-…

Opus 4.6 Vulnerability Detection: Pros and Cons Opus 4.6 shows promise for catching vulns but beware the high false positive rate. Teams will need solid tuning for real-world use. For more details, read ZeroPath's blog on this vuln. #AppSec #VulnDetection #InfoSec

RAGFlow Post-Auth RCE Vulnerability A serious post-auth RCE bug in RAGFlow lets attackers execute code after login. Patch ASAP to protect your environment. For more details, read ZeroPath's blog on this vuln. #AppSec #InfoSec #RCE zeropath.com/blog/ragflow-r…

Critical RCE in Spinnaker: Patch Now Two critical Spinnaker vulnerabilities (CVSS 10.0) allow remote code execution and full production takeover. Patch ASAP. For more details, read ZeroPath's blog on this vuln. #AppSec #CloudSecurity #ZeroTrust zeropath.com/blog/spinnaker…

CVE-2026-42167 impacts ProFTPD This vuln enables auth bypass, privilege escalation, and code execution. Prioritize patching if you're running ProFTPD. For more details, read ZeroPath's blog on this vuln. #AppSec #InfoSec #ProFTPD zeropath.com/blog/proftpd-c…