CVE-2024-12254 - Memory Exhaustion in Python 3.12+ Asyncio `writelines()` Puts Servers at Risk
Python 3.12 introduced multiple improvements to its popular asyncio module, promising faster asynchronous code and smarter memory usage. However, the change introduced an overlooked
CVE-2024-54143 - How Insecure Hashing in OpenWrt/asu Lets Attackers Poison Your Firmware Updates
OpenWrt is a popular open-source operating system for embedded devices, especially routers. To make custom firmware images, many rely on OpenWrt’s ASU image builder
CVE-2024-54214 - How Unrestricted File Upload in Roninwp Revy Lets Attackers Deploy Web Shells
In June 2024, security researchers publicly disclosed a critical vulnerability in the Roninwp Revy WordPress plugin. Labeled CVE-2024-54214, this flaw allows any unauthenticated attacker to
CVE-2024-53794 - Deep Dive Into Stored XSS in Arkhe Blocks by LOOS,Inc. (Up to 2.27.)
Cross-Site Scripting (XSS) still plagues modern web apps, and the vulnerability CVE-2024-53794 shows just how easy it is for stored XSS attacks to slip into
CVE-2024-11321 - Reflected XSS in Hi e-learning LMS — How It Works, Exploit Details, and What You Need to Know
On March 1, 2024, a new vulnerability, CVE-2024-11321, was disclosed, targeting the Hi e-learning Learning Management System (LMS). This flaw is an “Improper Neutralization of