The December 2025 Security Update Review

December 09, 2025 | Dustin Childs CONTINUE READING
CVE-2022-40300: SQL Injection in ManageEngine Privileged Access Management
Blog post

CVE-2022-40300: SQL Injection in ManageEngine Privileged Access Management

Vulnerabilities in Apache Batik Default Security Controls – SSRF and RCE Through Remote Class Loading
Blog post

Vulnerabilities in Apache Batik Default Security Controls – SSRF and RCE Through Remote Class Loading

MindShaRE: Analyzing BSD Kernels for Uninitialized Memory Disclosures using Binary Ninja
Blog post

MindShaRE: Analyzing BSD Kernels for Uninitialized Memory Disclosures using Binary Ninja

Riding the InfoRail to Exploit Ivanti Avalanche – Part 2
Blog post

Riding the InfoRail to Exploit Ivanti Avalanche – Part 2

CVE-2022-34715: More Microsoft Windows NFS v4 Remote Code Execution
Blog post

CVE-2022-34715: More Microsoft Windows NFS v4 Remote Code Execution

Looking at Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack
Blog post

Looking at Patch Gap Vulnerabilities in the VMware ESXi TCP/IP Stack

CVE-2022-30136: Microsoft Windows Network File System v4 Remote Code Execution Vulnerability
Blog post

CVE-2022-30136: Microsoft Windows Network File System v4 Remote Code Execution Vulnerability

CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack
Blog post

CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack

Is exploiting a null pointer deref for LPE just a pipe dream?
Blog post

Is exploiting a null pointer deref for LPE just a pipe dream?

CVE-2022-26381: Gone by others! Triggering a UAF in Firefox
Blog post

CVE-2022-26381: Gone by others! Triggering a UAF in Firefox