CVE-2024-53552 - How a Simple Password Reset Flaw Exposed Every CrushFTP User to Account Takeover
CrushFTP is a popular file transfer server used worldwide by businesses for securely exchanging sensitive documents. In May 2024, security researchers uncovered a critical vulnerability—
CVE-2024-47580 - How Administrators Can Exploit PDF Generation to Read Any File on the Server
---
Overview
CVE-2024-47580 is a critical vulnerability affecting certain web applications that generate PDFs via exposed web services. If an attacker is authenticated as an
CVE-2024-55638 - How Drupal Core’s Deserialization Flaw Exposes Your Website to Object Injection
Drupal is a powerhouse in the content management system (CMS) world, used by everyone from small businesses to giant media outlets. However, it’s not
CVE-2024-54151 - Critical Directus WebSockets Vulnerability—How Unauthenticated Users Can Become Admins
Directus is a popular open-source platform that turns any SQL database into a powerful real-time API and user-friendly admin dashboard. With Directus, teams can manage
CVE-2024-54147 - How Altair GraphQL Client Let Attackers Read All Your Data on Public WiFi
Altair GraphQL Client for Desktop didn’t verify HTTPS certificates before version 8..5. This means that if you used it on public WiFi or
Episode
00:00:00
00:00:00