CVE-2023-42792 - How Apache Airflow Users Could Escalate Privileges and Manipulate DAGs
Apache Airflow is a powerful open-source platform for orchestrating complex workflows and data pipelines. But with great power comes the responsibility to keep your pipelines
CVE-2023-45348 - How Authenticated Attackers Can Leak Apache Airflow Config With “expose_config” Mistake
Apache Airflow is a hugely popular open-source platform for orchestrating complex workflows. But even the best tools sometimes have security issues. In this article, I’
CVE-2023-45852 - How Vitogate 300 2.1.3. Authentication Can Be Bypassed for Remote Code Execution
In late 2023, a critical vulnerability was discovered in Vitogate 300 version 2.1.3., a device commonly used for industrial control and monitoring. The
CVE-2023-45674 - Critical SQL Injection in Farmbot-Web-App—How It Works, Risks, and Exploit Details
FarmBot is a cool project that lets people automate farming tasks, all through a web-based interface called the Farmbot-Web-App. But like many open-source apps, FarmBot
CVE-2023-4829 - Stored XSS in froxlor/froxlor Before 2..22—How It Happens and How to Stay Safe
CVE-2023-4829 exposes a dangerous vulnerability—Stored Cross-Site Scripting (XSS)—in the popular web hosting management tool Froxlor. If you’re running any version prior to