The Exploit Archives

CVE-2018-7600 - a crafted request turned thousands of websites into attacker control panels.In this episode of The Exploit Archives, we break down how Drupal was compromised again, how it worked and why RCE is still one of the worst outcomes for web platforms.Support the show: ⁠⁠⁠⁠⁠⁠The Exploit Archives⁠⁠⁠⁠ Youtube: ⁠⁠⁠⁠⁠⁠The Exploit Archives - YoutubeWeekly episodes!Tags: CVE breakdown, cybersecurity, drupal, drupalgeddon 2,rce, ethical hacking, remote code execution, cms vulnerability

CVE-2014-3704 - a single vulnerability in Drupal, one of the web's biggest content management.In this episode of The Exploit Archives, we break down how this silent bug in Drupal's code turned into global exploitation within hours, why thousands of sites were compromised, and what lessons it left behind.Stay tuned for Part Two.Support the show: The Exploit ArchivesYoutube: ⁠⁠⁠⁠⁠The Exploit Archives - YouTube⁠⁠⁠⁠Weekly Episodes!Tags: CVE breakdown, cybersecurity, drupal, drupalgeddon, sql injection, ethical hacking, remote code execution, cms vulnerability

CVE-2024-3094 - a backdoor hidden inside XZ Utils, the tiny compression library bundled into millions of Linux systems.In this episode of The Exploit Archives, we break down how a trusted maintainer slipped in the malicious code, how close it came to being unleashed, and what this betrayal means for the future of open-source security.Support the show: ⁠⁠⁠⁠The Exploit Archives⁠⁠⁠⁠Youtube: ⁠⁠⁠⁠The Exploit Archives - YouTube⁠⁠⁠Weekly Episodes!Tags: CVE breakdown, cybersecurity, linux , xz utils, linux security, supply chain attack, ssh vulnerability, hacking, cryptography flaw, cybersecurity podcast, exploit analysis, ethical hacking

CVE-2025-23334, CVE 2025-23320, CVE-2025-23319 - three vulnerabilities in NVIDIA's Triton Inference Server that chain together, getting more critical each time.In this episode of The Exploit Archives, we break down this "Triple Threat", how these flaws work, why they matter for AI security, and what lessons they hold for protecting machine learning infrastructure. Support the show: ⁠⁠⁠The Exploit Archives⁠⁠⁠Youtube: ⁠⁠⁠The Exploit Archives - YouTube⁠⁠Weekly Episodes!Tags: CVE breakdown, cybersecurity, ai, nvidia, ai security, cryptography flaw, cybersecurity podcast, exploit analysis, ethical hacking

CVE-2021-41096 - a flaw in Rucky, the open-source Android app that turns your phone into a “Rubber Ducky” style hacking tool. It exposed just how dangerous weak cryptography can be.In this episode of The Exploit Archives, we break down how the flaw worked, why it mattered, and how a simple cryptographic misstep turned a pentesting tool into a potential attack vector.Support the show: ⁠⁠The Exploit Archives⁠⁠Youtube: ⁠⁠The Exploit Archives - YouTube⁠Weekly Episodes!Tags: CVE breakdown, Rucky app, USB HID exploit, cybersecurity, hacking, weak encryption, RSA vulnerability, Rubber Ducky, cryptography flaw, cybersecurity podcast, exploit analysis, ethical hacking

CVE-2017-5753 & CVE-2017-5715 – better known as Spectre – exposed a terrifying truth: your CPU could be exploited.This wasn’t a software flaw. It was a vulnerability baked into the hardware of nearly every modern processor. And it wasn’t just theoretical. Attackers could steal passwords, encryption keys, and sensitive data... without ever touching the system.In this episode of The Exploit Archives, we dive into how Spectre worked, the performance cost of fixing it, and how this invisible exploit changed the future of cybersecurity forever.Support the show: ⁠The Exploit Archives⁠Youtube: ⁠The Exploit Archives - YouTubeWeekly Episodes!Tags:CVE breakdown, hacking, hardware exploit, Spectre bug, speculative execution, CPU vulnerability, Intel bug, privilege leaks, cybersecurity podcast, ethical hacking, exploit analysis

CVE-2021-3156 - was one of the most shocking privilege escalation bugs ever found in Linux. Hidden in sudo for nearly a decade, this flaw let any user with shell access become root instantly - no passwords, no exploit chains, just power.In this episode of The Exploit Archives, we break down how the bug worked, why it was so dangerous, and how a quiet code review uncovered a flaw sitting in plain sight for years.Support the show: The Exploit ArchivesYoutube: The Exploit Archives - YouTubeWeekly Episodes!CVE breakdown, hacking, linux, ethical hacking, sudo, sudo bug, exploit analysis, cyber attacks, Baron Samedit, privilege escalation

CVE-2022-1388 — an authentication bypass in F5’s BIG-IP systems that gave attackers the keys to the kingdom. No password. No login. Just one carefully crafted request… and full root access.In this episode of The Exploit Archives, we break down how this critical flaw let remote attackers take over enterprise infrastructure, why so many systems were exposed, and how the exploit unfolded in the wild.Fast. Loud. Dangerously easy.Support the show: The Exploit ArchivesYoutube: @TheExploitArchivesWeekly Episodes!CVE-2022-1388, F5 BIG-IP, BIG-IP vulnerability, authentication bypass, hacking, remote code execution, SSRF, cyber attacks, 2022 CVEs, The Exploit Archives, ethical hacking, CVE breakdown, security flaw, exploit analysis, infosec podcast

CVE-2021-21973: It was quiet, it was technical, and it was everything cybercrime groups needed to get their foot in the door.In this episode of The Exploit Archives, we unravel how this vulnerability let attackers pivot deep inside Enterprise environments - no login, no malware, just a crafted request and a misconfigured proxy. From reconnaissance to lateral movement, this wasn't just an exploit.. it was an entry point.Support the show: ⁠The Exploit Archives⁠YouTube: ⁠The Exploit Archives⁠Weekly episodes!Tags: CVE-2021-21973, VMware, SSRF, lateral movement, cybercrime, The Exploit Archives, exploit, vulnerability, pivoting

CVE-2019-0708 — a critical remote desktop vulnerability in Microsoft Windows, better known as BlueKeep. It had the potential to become the next WannaCry — wormable, deadly, and lurking in millions of systems.In this episode of The Exploit Archives, we explore how BlueKeep works, the panic it caused in the infosec world, and why—despite the hype—it never exploded the way experts feared.Support the show: The Exploit ArchivesYouTube: The Exploit ArchivesWeekly episodes!Tags: CVE-2019-0708, BlueKeep, RDPvulnerability, remote desktop, Microsoft Windows, cybersecurity, wormable exploit, The Exploit Archives, RCE, hacking

CVE-2017-11882 is a remote code execution vulnerability in Microsoft’s legacy Equation Editor. A flaw that silently persisted for over 17 years.In this episode of The Exploit Archives, we break down how attackers embedded weaponised payloads into Word documents and triggered silent exploits with zero user interaction. Learn how this vulnerability worked, why it stuck around for so long, and how it became one of the most abused bugs in the wild.Weekly episodes!Support the show: ⁠ ⁠The Exploit Archives⁠Youtube:⁠ ⁠The Exploit Archives - YouTube⁠Keywords: CVE-2017-11882, Microsoft exploit, remote code execution, equation editor, cybersecurity, ethical hacking, vulnerability breakdown