CVE-2022-23640 - XML Entity Expansion Vulnerability in Excel-Streaming-Reader & How to Stay Safe
If you’re working with spreadsheets in Java, you might know about Excel-Streaming-Reader. It’s a handy library that lets you read really large Excel
CVE-2022-24948 - Exploiting Apache JSPWiki XSS via User Preferences - A Deep Dive
---
Introduction
In the world of web security, Cross-Site Scripting (XSS) remains one of the oldest and most dangerous web application vulnerabilities. In this post,
CVE-2022-24288 Apache Airflow versions before 2.2.4 did not properly sanitize user-provided params in some of the bundled example DAGs, leaving them susceptible to OS command injection from the web UI.
The issue was fixed in version 2.2.4 by introducing a new feature: parameter validation. To enable parameter validation, set the DAG_VALIDATE_ARGS
CVE-2022-23176 WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access.
XTM before 5.4.1 allows a remote attacker to access the system with a privileged management session via exposed management access. XTM versions prior
CVE-2022-25313 Expat (libexpat) before 2.4.5 allows an attacker to trigger stack exhaustion in build_model via a large nesting depth in a DTD element declaration, causing a denial of service.
Build the DTD with a nesting depth of at least 551 and then send a large number of <!ENTITY> nodes to build_model via