Posts
All the articles we've posted.
- [CVE-2025-32433] Erlang/OTP SSH Authentication Bypass Gives Attackers a Direct Shell
  A logic error in Erlang/OTP's SSH server lets anyone run remote commands before authentication finishes. Because many networking appliances embed Erlang, the blast radius spans far beyond developer machines.
- [CVE-2025-11517] Free Tickets for Sale – How a Logic Error Skips Payment in WordPress Event Tickets
  A missing price check in Event Tickets up to 5.26.5 lets anyone create orders for paid tickets through the plugin’s “free commerce” REST endpoint. Site owners lose revenue and occupancy control, while attackers walk in for nothing.