Django Unicorn Class Pollution, GeoTools XPath Manipulation, Eladmin CSV Injection, Zimbra SQL Injection, Woocomerce Taxi Booking Deserialization and more

Week 5 ending 6th Feb, 2025. In this episode, we dive deep into the latest security advisories, uncovering a surge of critical vulnerabilities affecting a wide range of software. From command injection flaws in EasyVirt DCScope and privilege escalation vulnerabilities due to weak encryption, to remote code execution exploits in Advantive VeraCore and ClassCMS, we break down the threats and their potential impact. We also discuss a concerning class pollution vulnerability in Django-Unicorn that can lead to XSS, DoS, and authentication bypass. Plus, we'll cover SQL injection flaws in Moss and Zimbra Collaboration, file upload vulnerabilities in ChestnutCMS, and memory corruption issues. Stay informed and learn how to protect your systems from these emerging threats!