CVE-2024-36428 - Understanding and Exploiting the OrangeHRM 3.3.3 SQL Injection via admin/viewProjects sortOrder
In June 2024, a new SQL Injection vulnerability—CVE-2024-36428—was disclosed in the open-source human resource management platform OrangeHRM version 3.3.3. This vulnerability
CVE-2024-36426 - TARGIT Decision Suite Leaks Session Tokens in URL via Unencrypted HTTP
Recently, a vulnerability was identified in TARGIT Decision Suite, a popular business intelligence suite. This vulnerability, tracked as CVE-2024-36426, affects versions up to 23.2.
CVE-2024-34923 - Easy Reflected XSS in Avocent DSR203 & SVIP102 Appliances – How It Works, Code Snippets & Exploit Demo
CVE-2024-34923 is a recently disclosed reflected cross-site scripting (XSS) vulnerability in certain Avocent appliance firmware versions, namely:
SVIP102: firmware 01.06.00.03 *before* 01.
CVE-2024-29415 - How the Node.js “ip” Package Unleashed a New SSRF Risk
If you’re using the ip package in your Node.js apps, you might be at risk due to CVE-2024-29415. This fresh vulnerability lets attackers
CVE-2024-34477 - Privilege Escalation in FOG Project via configureNFS—How Unprotected NFS Can Let Local Users Become Root
The FOG Project is a free open-source cloning and imaging solution for managing large numbers of computers. It is commonly used in schools, offices, and