CVE-2023-36388 - How Improper REST API Permission in Apache Superset (≤ 2.1.0) Can Lead to SSRF for Authenticated Gamma Users
Apache Superset is a popular open-source data visualization platform, used by businesses and data teams everywhere. But even the best tools sometimes have dangerous flaws.
CVE-2023-40743 - Dangerous Service Lookups in Apache Axis 1.x Can Lead to RCE, SSRF, and DoS
In August 2023, a high-impact vulnerability was disclosed affecting applications based on Apache Axis 1.x, a Java-based SOAP engine. Identified as CVE-2023-40743, this flaw
CVE-2023-41080 - Open Redirect in Apache Tomcat FORM Authentication - Root Cause, Exploitation, and Remediation
In August 2023, a security issue known as CVE-2023-41080 was disclosed in the Apache Tomcat servlet container, affecting how URL redirection works after users log
CVE-2022-44729 - Server-Side Request Forgery (SSRF) Vulnerability in Apache XML Graphics Batik (Versions 1.16 and Below)
Recently, a critical vulnerability (CVE-2022-44729) came to light in the Apache XML Graphics Batik library. This security issue can be exploited to perform Server-Side Request
CVE-2022-46751 - Understanding and Exploiting XML External Entity (XXE) & XML Injection in Apache Ivy
CVE-2022-46751 is a critical vulnerability affecting all versions of Apache Ivy prior to 2.5.2. The flaw resides in how Ivy handles XML files—