CVE-2023-0551 - How a Simple Authorization Flaw in WordPress REST API TO MiniProgram Plugin Lets Any Subscriber Delete Attachments
In early 2023, a security vulnerability was discovered in the popular WordPress plugin REST API TO MiniProgram (version <= 4.6.1). This vulnerability, tracked
CVE-2023-40027 - Unauthorized Access to Keystone CMS Admin Metadata via Public `adminMeta` GraphQL Query
Keystone is a popular open-source headless CMS for Node.js, designed to make it easy for developers to build powerful and flexible backend applications. It’
CVE-2023-39438 - Unauthorized Access and Manipulation of CLA-Assistant via Missing Authorization Checks
On July 24, 2023, a security vulnerability was disclosed in CLA-assistant, an open-source tool for managing Contributor License Agreements (CLAs) on GitHub repositories. This vulnerability,
CVE-2023-38889 - Remote Code Execution in Alluxio via Unix Groups Username Injection
On August 10, 2023, a critical vulnerability was disclosed in Alluxio—a popular open-source data orchestration platform. Tracked as CVE-2023-38889, this flaw allows attackers to
CVE-2023-35082 - Authentication Bypass in Ivanti EPMM – Exclusive Insights & Exploit Details
In July 2023, a critical vulnerability was uncovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. Known as CVE-2023-35082, this flaw allows