Security Research

Vulnerabilities discovered by Gecko's Scanner.
Each finding was responsibly disclosed to the vendor.

Assigned CVEs: 30

Disclosure Process: 22

Vulnerabilities Fixed: 15

Discoveries

Security vulnerabilities discovered and responsibly disclosed

CVE-2025-1595
5.3 Medium

EasyCVR <=2.1.2 - Information Disclosure

A vulnerability has been found in Anhui Xufan Information Technology EasyCVR up to 2.7.0 and classified as problematic. This vulnerability affects unknown code of the file /api/v1/getbaseconfig. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-1234
9.8 Critical

WordPress Plugin XYZ - SQL Injection

A critical SQL injection vulnerability was discovered in WordPress Plugin XYZ versions prior to 3.2.1. The vulnerability allows unauthenticated attackers to execute arbitrary SQL commands via the search parameter.

CVE-2025-2001
7.5 High

NodeJS Framework ABC - Authentication Bypass

Authentication bypass vulnerability in NodeJS Framework ABC allows attackers to gain unauthorized access to protected resources.

BLOG-2025-001
Blog Post

Understanding Modern API Security Threats

A comprehensive analysis of emerging API security vulnerabilities and how organizations can protect themselves against sophisticated attacks targeting REST and GraphQL endpoints.
