CVE-2022-45378 Apache SOAP's RPCRouterServlet has no authentication, which gives attackers the ability to invoke methods on the classpath.
Due to the fact that Apache SOAP versions 1.2, 1.3 and 1.4 are no longer supported, this vulnerability poses a critical risk
CVE-2022-27949 - Unmasking Secrets in Apache Airflow – A Hands-On Deep Dive
CVE-2022-27949 is a security flaw found in Apache Airflow's web interface, which lets attackers read unmasked (i.e., real, plain-text) secrets in rendered
CVE-2022-40127 An attacker with UI access can execute arbitrary commands via a DAG run_id parameter.
This issue is a result of a change in default configuration of DAGs when the Airflow version was upgraded from 2.3.x to 2.
CVE-2022-3942 An issue was found in SourceCodester Sanitization Management System and is considered problematic. It may lead to cross-site scripting.
This cross-site scripting issue may lead to information disclosure. An attacker may exploit it to steal confidential data; for instance, login credentials, access rights,
CVE-2022-44087 - How a File Upload Vulnerability in ESPCMS P8.21120101 Allows Remote Code Execution (RCE)
---
Introduction
In late 2022, a serious vulnerability (CVE-2022-44087) was discovered in ESPCMS P8.21120101, a popular content management system widely used for building web