CVE-2024-5535 - OpenSSL’s SSL_select_next_proto Buffer Overread — How a Zero-Length Protocol List Can Leak Sensitive Memory
OpenSSL is a staple of modern network cryptography, relied on by millions of servers and clients worldwide. Naturally, any flaw discovered in this library receives
CVE-2024-22232 - Directory Traversal in Salt File Server - How Attackers Can Steal Any File
In early 2024, researchers discovered a dangerous vulnerability — CVE-2024-22232 — that affects the popular SaltStack open-source automation tool. This issue allows an attacker to craft a
CVE-2024-4901 - Stored XSS in GitLab’s Commit Notes – Detailed Analysis and Exploitation Guide
On May 30, 2024, the GitLab team disclosed CVE-2024-4901, a severe Stored Cross-Site Scripting (XSS) vulnerability introduced in GitLab Community and Enterprise Editions. This security
CVE-2024-5655 - GitLab Pipeline Impersonation Vulnerability Explained
On June 26, 2024, GitLab released a critical security update addressing CVE-2024-5655. This vulnerability lets attackers trigger a CI/CD pipeline as another user under
CVE-2024-3115 - Exploiting GitLab EE’s SSO Bypass for Issues & Epics via Duo Chat
On April 2024, security researchers discovered a major vulnerability—CVE-2024-3115—in GitLab Enterprise Edition (EE). This flaw lets attackers bypass Single Sign-On (SSO) controls and
Episode
00:00:00
00:00:00