Logic scanner now available! Try it out

ZeroPath Blog & Research

Explore our team's latest research and stay up to date with ZeroPath's capabilities.

All Research Product Insights CVE Analysis
Growatt Cloud Applications at Risk: Unpacking CVE-2025-24297 Stored XSS Vulnerability

Growatt Cloud Applications at Risk: Unpacking CVE-2025-24297 Stored XSS Vulnerability

A critical stored XSS vulnerability (CVE-2025-24297) in Growatt Cloud Applications allows attackers to inject malicious JavaScript, posing severe risks to user privacy and system integrity.

ZeroPath Security Research

ZeroPath Security Research

2025-04-15
CVE Analysis 7m read
Oracle Database Java VM Vulnerability CVE-2025-30736: Remote Exploitation Risks and Mitigation

Oracle Database Java VM Vulnerability CVE-2025-30736: Remote Exploitation Risks and Mitigation

CVE-2025-30736 exposes Oracle Database Java VM to remote unauthenticated attacks, risking critical data integrity and confidentiality. Immediate patching and mitigation strategies are essential.

ZeroPath Security Research

ZeroPath Security Research

2025-04-15
CVE Analysis 6m read
Oracle Configurator Exposed: Unauthenticated Data Access via CVE-2025-30728

Oracle Configurator Exposed: Unauthenticated Data Access via CVE-2025-30728

A critical vulnerability in Oracle Configurator (CVE-2025-30728) allows unauthenticated attackers to access sensitive enterprise data, posing significant confidentiality risks.

ZeroPath Security Research

ZeroPath Security Research

2025-04-15
CVE Analysis 7m read
Oracle E-Business Suite Under Siege: Critical RCE in iSurvey Module (CVE-2025-30727)

Oracle E-Business Suite Under Siege: Critical RCE in iSurvey Module (CVE-2025-30727)

A critical remote code execution vulnerability (CVE-2025-30727) has been identified in Oracle E-Business Suite's iSurvey Module, allowing unauthenticated attackers to fully compromise affected systems.

ZeroPath Security Research

ZeroPath Security Research

2025-04-15
CVE Analysis 6m read
Oracle E-Business Suite Exposed: CVE-2025-30716 Enables Unauthenticated Data Access

Oracle E-Business Suite Exposed: CVE-2025-30716 Enables Unauthenticated Data Access

A critical vulnerability in Oracle E-Business Suite's CRM User Management Framework (CVE-2025-30716) allows unauthenticated attackers to access sensitive data remotely. Immediate patching is essential.

ZeroPath Security Research

ZeroPath Security Research

2025-04-15
CVE Analysis 5m read
Oracle E-Business Suite Exposed: Unauthenticated Access via CVE-2025-30708

Oracle E-Business Suite Exposed: Unauthenticated Access via CVE-2025-30708

CVE-2025-30708 exposes Oracle E-Business Suite's User Management to unauthenticated attackers, risking critical data exposure. Immediate patching recommended.

ZeroPath Security Research

ZeroPath Security Research

2025-04-15
CVE Analysis 5m read
MySQL Connector/J Under Siege: Analyzing CVE-2025-30706's Critical Takeover Risk

MySQL Connector/J Under Siege: Analyzing CVE-2025-30706's Critical Takeover Risk

A detailed technical analysis of CVE-2025-30706, a high-severity vulnerability affecting MySQL Connector/J versions 9.0.0 to 9.2.0, enabling potential system takeover.

ZeroPath Security Research

ZeroPath Security Research

2025-04-15
CVE Analysis 6m read
Oracle Java SE and GraalVM JSSE Flaw (CVE-2025-21587): Unpacking the SSL/TLS Vulnerability

Oracle Java SE and GraalVM JSSE Flaw (CVE-2025-21587): Unpacking the SSL/TLS Vulnerability

CVE-2025-21587 exposes Oracle Java SE and GraalVM products to unauthorized data manipulation and access via JSSE vulnerabilities. Immediate patching is critical.

ZeroPath Security Research

ZeroPath Security Research

2025-04-15
CVE Analysis 6m read
Fueling Danger: Critical Authentication Flaw in Lantronix Xport (CVE-2025-2567)

Fueling Danger: Critical Authentication Flaw in Lantronix Xport (CVE-2025-2567)

A critical missing authentication vulnerability in Lantronix Xport devices (CVE-2025-2567) threatens fuel monitoring systems, risking severe operational disruptions and safety hazards.

ZeroPath Security Research

ZeroPath Security Research

2025-04-15
CVE Analysis 6m read
Libsoup's Double-Free Disaster: Analyzing CVE-2025-32911's Critical Memory Corruption Flaw

Libsoup's Double-Free Disaster: Analyzing CVE-2025-32911's Critical Memory Corruption Flaw

A critical double-free vulnerability (CVE-2025-32911) in libsoup's header parsing exposes Linux systems to severe memory corruption risks.

ZeroPath Security Research

ZeroPath Security Research

2025-04-15
CVE Analysis 6m read
Edge of Danger: Unpacking CVE-2025-29834's Out-of-Bounds Read in Microsoft Edge

Edge of Danger: Unpacking CVE-2025-29834's Out-of-Bounds Read in Microsoft Edge

Explore the technical intricacies behind CVE-2025-29834, an out-of-bounds read vulnerability in Microsoft Edge, and learn how to protect your systems.

ZeroPath Security Research

ZeroPath Security Research

2025-04-11
CVE Analysis 6m read
Analyzing CVE-2025-21601: Juniper Junos OS Web Management DoS Vulnerability

Analyzing CVE-2025-21601: Juniper Junos OS Web Management DoS Vulnerability

Detailed technical analysis of CVE-2025-21601, a critical DoS vulnerability affecting Juniper Junos OS web management components.

ZeroPath Security Research

ZeroPath Security Research

2025-04-09
CVE Analysis 7m read
Critical RCE in BentoML Runner Server: Deep Dive into CVE-2025-32375

Critical RCE in BentoML Runner Server: Deep Dive into CVE-2025-32375

An in-depth technical analysis of CVE-2025-32375, a critical remote code execution vulnerability in BentoML's runner server, including exploitation methods, detection techniques, and patching guidance.

ZeroPath Security Research

ZeroPath Security Research

2025-04-09
CVE Analysis 7m read
React Router Under Siege: Analyzing CVE-2025-31137 URL Spoofing Vulnerability

React Router Under Siege: Analyzing CVE-2025-31137 URL Spoofing Vulnerability

Dive deep into CVE-2025-31137, a high-severity URL spoofing vulnerability affecting React Router and Remix applications using Express adapters. Learn how attackers exploit HTTP headers and how to protect your applications.

ZeroPath Security Research

ZeroPath Security Research

2025-04-01
CVE Analysis 6m read
Next.js Middleware Exploit: CVE-2025-29927 Authorization Bypass

Next.js Middleware Exploit: CVE-2025-29927 Authorization Bypass

Explore the critical CVE-2025-29927 vulnerability in Next.js middleware, enabling attackers to bypass authorization checks and gain unauthorized access.

ZeroPath Security Research

ZeroPath Security Research

2025-03-21
CVE Analysis 6m read
Privilege Escalation in Microsoft Partner Center: Analyzing CVE-2025-29814

Privilege Escalation in Microsoft Partner Center: Analyzing CVE-2025-29814

A critical improper authorization flaw in Microsoft Partner Center (CVE-2025-29814) allows attackers to escalate privileges remotely. Here's our technical analysis and mitigation guidance.

ZeroPath Security Research

ZeroPath Security Research

2025-03-20
CVE Analysis 5m read
Exploiting Microsoft Dataverse: Deep Dive into CVE-2025-29807 Deserialization Flaw

Exploiting Microsoft Dataverse: Deep Dive into CVE-2025-29807 Deserialization Flaw

An in-depth technical analysis of CVE-2025-29807, a critical deserialization vulnerability in Microsoft Dataverse enabling remote code execution.

ZeroPath Security Research

ZeroPath Security Research

2025-03-20
CVE Analysis 5m read
Exploiting Trust: Inside CVE-2025-23120 Veeam Backup & Replication RCE Vulnerability

Exploiting Trust: Inside CVE-2025-23120 Veeam Backup & Replication RCE Vulnerability

An in-depth technical breakdown of CVE-2025-23120, a critical remote code execution vulnerability affecting Veeam Backup & Replication, including exploitation methods, detection strategies, and immediate patching guidance.

ZeroPath Security Research

ZeroPath Security Research

2025-03-20
CVE Analysis 7m read

Ready for effortless AppSec?

Get a live ZeroPath tour.

Schedule a demo with one of the founders Dean Valentine Raphael Karger Nathan Hrncirik Yaacov Tarko to get started.

Schedule a demo