ZeroPath Labs

36 Sudo Bug Fixes Reduce CrackArmor Impact ZeroPath uncovered that 36 recent Sudo patches directly limit CrackArmor exploitation routes. For more details, read ZeroPath's blog on this vuln. #AppSec #Linux #InfoSec zeropath.com/blog/sudo-bug-…

Best SAST Tools for 2026: What to Know Choosing the right SAST tool is tough. We break down the top 7 for AppSec teams and CISOs, comparing features and use cases. For more details, read ZeroPath's blog on this vuln. #AppSec #DevSecOps #SAST zeropath.com/blog/best-sast…

Scaling AppSec at Aptos Labs: AI SAST for Rust Aptos Labs is securing over 1M lines of Rust code with AI-powered SAST, enabling rapid detection of bugs and vulnerabilities at scale. For more details, read ZeroPath's blog on this vuln. #AppSec #Rust #AI zeropath.com/blog/aptos-lab…

Why Commenda Chose ZeroPath for Security Commenda picked ZeroPath to protect their global tax platform, citing our deep expertise in risk assessment and proactive threat detection. For more details, read ZeroPath's blog on this vuln. #AppSec #CyberSecurity #InfoSec zeropath.com/blog/commenda-…

ZeroPath Exploit Development CTFs Looking to sharpen your exploit dev skills? ZeroPath runs hands-on CTFs focused on real-world vulnerabilities and practical techniques. For more details, read ZeroPath's blog on this vuln. #AppSec #ExploitDev #InfoSec zeropath.com/blog/zeropath-…

Openclaw (Clawdbot) Vulnerability Alert Malicious websites can exploit Openclaw to steal user credentials through crafted payloads. Tighten browser security and check configs. For more details, read ZeroPath's blog on this vuln. #AppSec #CyberSecurity #InfoSec zeropath.com/blog/openclaw-…

7 FFmpeg Vulnerabilities Uncovered by AI Our latest research uses AI to autonomously discover 7 new vulnerabilities in FFmpeg. For more details, read ZeroPath's blog on this vuln. #AppSec #CyberSecurity #AI zeropath.com/blog/autonomou…

AI Finds 8 New FFmpeg Vulnerabilities ZeroPath researchers used AI to autonomously discover 8 vulnerabilities in FFmpeg. Automation is accelerating vulnerability discovery in key open source projects. For more details, read ZeroPath's blog on this vuln. #AppSec #AI #OpenSourceSecurity zeropath.com/blog/autonomou…

SureMail WordPress Plugin: Unrestricted File Upload Vulnerability CVE-2025-13516 in SureMail allows attackers to upload malicious files without restriction. Sites running this plugin should update now. For more details, read ZeroPath's blog on this vuln. #WordPress #AppSec #InfoSec zeropath.com/blog/cve-2025-…

vLLM RCE via Model Config Auto-Mapping: CVE-2025-66448 Attackers can trigger remote code execution in vLLM through unsafe model config mapping in unpatched versions. Patch ASAP. For more details, read ZeroPath's blog on this vuln. #AppSec #MachineLearning #InfoSec zeropath.com/blog/cve-2025-…

IBM Informix Dynamic Server: Local Auth Bypass Issue CVE-2024-45675 allows local attackers to bypass authentication on Windows systems. Patch ASAP if you rely on Informix for critical data. For more details, read ZeroPath's blog on this vuln. #AppSec #InfoSec #DatabaseSecurity zeropath.com/blog/cve-2024-…

Avast Antivirus for macOS: CVE-2025-8351 A heap-based buffer overflow and out-of-bounds read vulnerability puts users at risk of code execution and data leaks. Patch as soon as you can. For more details, read ZeroPath's blog on this vuln. #AppSec #InfoSec zeropath.com/blog/cve-2025-…

Avast Antivirus CVE-2025-3500: Integer Overflow A new integer overflow in Avast Antivirus could allow privilege escalation. Patch ASAP if you use Avast in your environment. For more details, read ZeroPath's blog on this vuln. #AppSec #InfoSec #Vulnerability zeropath.com/blog/cve-2025-…

Keras CVE-2025-12060: Path Traversal Flaw A critical path traversal bug in Keras lets attackers access files outside intended directories. Patch ASAP to stay secure. For more details, read ZeroPath's blog on this vuln. #AppSec #MLSecurity #InfoSec zeropath.com/blog/cve-2025-…

Mattermost CVE-2025-12421: Critical SSO Flaw A critical SSO code exchange bug in Mattermost lets attackers take over accounts. Patch ASAP to secure your teams. For more details, read ZeroPath's blog on this vuln. #AppSec #InfoSec #SSO zeropath.com/blog/mattermos…

Mattermost OAuth State Token Validation Flaw CVE-2025-12419 lets attackers bypass OAuth checks in Mattermost. This critical bug allows full account takeover via forged state tokens. For more details, read ZeroPath's blog on this vuln. #AppSec #InfoSec #Mattermost zeropath.com/blog/cve-2025-…

Blubrry PowerPress CVE-2025-13536: File Upload Flaw There's an arbitrary file upload vulnerability in Blubrry PowerPress. Potential for remote code execution. Patch ASAP. For more details, read ZeroPath's blog on this vuln. #WordPress #AppSec #InfoSec zeropath.com/blog/cve-2025-…

D-Link DIR-822K & DWR-M920: CVE-2025-13547 Alert A memory corruption flaw lets attackers potentially gain code execution on these routers. Patch ASAP to protect your network. For more details, read ZeroPath's blog on this vuln. #AppSec #IoT #CyberSecurity zeropath.com/blog/cve-2025-…

Grafana Enterprise SCIM Privilege Escalation (CVE-2025-41115) A new privilege escalation flaw lets attackers abuse SCIM in Grafana Enterprise for admin access. Patch immediately. For more details, read ZeroPath's blog on this vuln. #AppSec #InfoSec #Grafana zeropath.com/blog/grafana-e…

CVE-2025-12160: Stored XSS in Simple User Registration for WordPress Attackers can inject persistent scripts via form fields, risking site compromise for admins and users. Patch ASAP. For more details, read ZeroPath's blog on this vuln. #AppSec #WordPress #InfoSec zeropath.com/blog/cve-2025-…