Volerion
Welcome to the Volerion Blog, where we share deep dives into vulnerabilities along with insights on standards, specifications, and real-world use cases. At Volerion, we use our data to help others make faster, smarter security decisions. Our goal is to provide clear, actionable intelligence that supports teams in staying ahead of emerging threats.
Also check out our vulnerability database or CVSS 3.1 & 4.0 calculators.
Recent Posts
- [CVE-2025-11368] LearnPress REST Endpoint Leaks Quiz Answers and Other Confidential Course Content
  A missing capability check in a LearnPress REST route lets anyone harvest curriculum HTML, quiz questions and their correct answers without logging in.
- [CVE-2025-63889] ThinkPHP 5.0.24 Lets Attackers Read Any File on the Server
  A directory traversal flaw in ThinkPHP’s template engine allows unauthenticated users to pull arbitrary files, including configuration secrets, straight from disk.
- [CVE-2025-63888] ThinkPHP 5.0.24 Template File Inclusion Drops a Remote Shell
  A path-traversal flaw in ThinkPHP’s File template driver lets unauthenticated attackers include arbitrary files and execute embedded PHP. Proof-of-concept code is public and exploitation requires only the ability to upload a file.
- [CVE-2025-64502] Parse Server Leaks MongoDB Query Plans to Anyone Without a Master Key
  All Parse Server releases before 8.5.0-alpha.5 accept the `explain` flag on any query, even when no master key is provided. That single flag exposes index definitions, execution time estimates and other metadata that make privilege-escalation and performance-degradation attacks much easier.