<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>Devo</title><description>Devo</description><link>https://d3voo.com/</link><language>en</language><item><title>CVE-2024-34351: Trusting the Host Header—Next.js Server Actions as a Blind-to-Read SSRF Proxy</title><link>https://d3voo.com/cve-analysis/cve/cve-2024-34351-host-header-ssrf-nextjs-server-actions/</link><guid isPermaLink="true">https://d3voo.com/cve-analysis/cve/cve-2024-34351-host-header-ssrf-nextjs-server-actions/</guid><description>Learn how CVE-2024-34351 lets attackers abuse the Host header in Next.js 13.4–14.1.0 Server Actions, converting a relative redirect into a full-read SSRF that exposes internal data.</description><pubDate>Sun, 15 Jun 2025 00:00:00 GMT</pubDate></item><item><title>CVE-2025-27590: Arbitrary File Write to Remote Code Execution in Oxidized Web</title><link>https://d3voo.com/cve-analysis/cve/exploring-cve-2025-27590-command-injection-in-multipart-form-handler/</link><guid isPermaLink="true">https://d3voo.com/cve-analysis/cve/exploring-cve-2025-27590-command-injection-in-multipart-form-handler/</guid><description>Explore CVE-2025-27590: a critical command injection vulnerability in multipart form-data handling. Includes Python PoC, technical analysis, and mitigation strategies.</description><pubDate>Sat, 31 May 2025 00:00:00 GMT</pubDate></item><item><title>Deep Dive into CVE-2022-24112: IP Validation Bypass to Remote Code Execution in Apache APISIX</title><link>https://d3voo.com/cve-analysis/cve/exploring-cve-2022-24112-ip-validation-bypass-remote-code-execution-in-apache-apisix/</link><guid isPermaLink="true">https://d3voo.com/cve-analysis/cve/exploring-cve-2022-24112-ip-validation-bypass-remote-code-execution-in-apache-apisix/</guid><description>Technical breakdown of CVE-2022-24112 in Apache APISIX: header collision in batch-requests bypasses IP filter, enabling remote code execution. Includes patch details and hardening tips.</description><pubDate>Fri, 23 May 2025 00:00:00 GMT</pubDate></item><item><title>Deep Dive into CVE-2020-17530: Root Cause, Exploitation, and OGNL Injection Chain Building</title><link>https://d3voo.com/cve-analysis/cve/exploring-cve-2020-17530-remote-code-execution-via-ognl-injection-in-struts2/</link><guid isPermaLink="true">https://d3voo.com/cve-analysis/cve/exploring-cve-2020-17530-remote-code-execution-via-ognl-injection-in-struts2/</guid><description>Explore CVE-2020-17530, a critical OGNL injection vulnerability in Apache Struts2 leading to remote code execution through unsafe dynamic attribute evaluation.</description><pubDate>Wed, 14 May 2025 00:00:00 GMT</pubDate></item><item><title>Exploring CVE-2025-24813: Remote Code Execution via Tomcat Session Deserialization</title><link>https://d3voo.com/cve-analysis/cve/exploring-cve-2025-24813-remote-code-execution-via-tomcat-session-deserialization/</link><guid isPermaLink="true">https://d3voo.com/cve-analysis/cve/exploring-cve-2025-24813-remote-code-execution-via-tomcat-session-deserialization/</guid><description>Step-by-step exploit of Apache Tomcat CVE-2025-24813: partial .session upload deserialization yields RCE; includes PoC, root-cause, and mitigation advice.</description><pubDate>Sun, 11 May 2025 00:00:00 GMT</pubDate></item><item><title>Next.js v12.0.7-v15.2.3 CVE-2025-29927 Analysis and POC</title><link>https://d3voo.com/cve-analysis/cve/nextjs-v1207-v1523-cve-2025-29927-analysis-and-poc/</link><guid isPermaLink="true">https://d3voo.com/cve-analysis/cve/nextjs-v1207-v1523-cve-2025-29927-analysis-and-poc/</guid><description>Detailed write-up of Next.js CVE-2025-29927 (v12.0.7–v15.2.3): root-cause analysis, step-by-step PoC exploit and concrete mitigation actions.</description><pubDate>Wed, 07 May 2025 00:00:00 GMT</pubDate></item><item><title>GLPI Pre-authentication RCE / CVE-2025-24801 Analysis and POC</title><link>https://d3voo.com/cve-analysis/cve/glpi-pre-authentication-rce-cve-2025-24801-analysis-and-poc/</link><guid isPermaLink="true">https://d3voo.com/cve-analysis/cve/glpi-pre-authentication-rce-cve-2025-24801-analysis-and-poc/</guid><description>Comprehensive guide to exploiting GLPI CVE-2025-24801: change document type, upload PHP shell, execute remotely, plus mitigation and detection tips.</description><pubDate>Thu, 01 May 2025 00:00:00 GMT</pubDate></item></channel></rss>