Series

Look Backs

Retrospective writeups on CVEs from 6 to 12 months ago. Each entry revisits a vulnerability with hindsight — what we now know about the bug, the vendor response, and what teams should take away.

5 entries to date

  1. #5 CVE-2024-0769 A critical path traversal vulnerability, identified as CVE-2024-0769, exists in the D-Link DIR-859 router. This flaw allows an unauthenticated attacker with network access to read sensitive files on t 2026-06-14
  2. #4 CVE-2025-8047 A critical vulnerability has been identified in two WordPress plugins, `disable-right-click-powered-by-pixterme` and `pixter-image-digital-license`. The plugins load a compromised JavaScript file from 2026-06-07
  3. #3 CVE-2025-56267 A critical remote code execution vulnerability, identified as CVE-2025-56267, has been discovered in Avigilon Access Control Manager (ACM). An attacker can exploit this flaw by uploading a specially c 2026-05-23
  4. #2 CVE-2025-41672 A critical vulnerability has been identified in multiple JSON Web Token (JWT) authentication systems that allows a remote, unauthenticated attacker to gain complete administrative access. This issue s 2026-05-22
  5. #1 CVE-2025-24990 A high-severity vulnerability has been identified in a third-party modem driver that is included with Microsoft Windows operating systems. This flaw is being actively exploited by attackers and could 2026-05-21