CVE-2024-47580 - How Administrators Can Exploit PDF Generation to Read Any File on the Server
---
Overview
CVE-2024-47580 is a critical vulnerability affecting certain web applications that generate PDFs via exposed web services. If an attacker is authenticated as an
CVE-2024-55638 - How Drupal Core’s Deserialization Flaw Exposes Your Website to Object Injection
Drupal is a powerhouse in the content management system (CMS) world, used by everyone from small businesses to giant media outlets. However, it’s not
CVE-2024-54151 - Critical Directus WebSockets Vulnerability—How Unauthenticated Users Can Become Admins
Directus is a popular open-source platform that turns any SQL database into a powerful real-time API and user-friendly admin dashboard. With Directus, teams can manage
CVE-2024-54147 - How Altair GraphQL Client Let Attackers Read All Your Data on Public WiFi
Altair GraphQL Client for Desktop didn’t verify HTTPS certificates before version 8..5. This means that if you used it on public WiFi or
CVE-2024-53949 - How Improper Authorization in Apache Superset Exposed Sensitive APIs (Full Exploit Details Inside)
Published: June 2024
Written by: Security Insights Team
Apache Superset is a popular open-source platform for data exploration and visualization. If your company runs dashboards