CVE-2023-4169 - Critical Admin Password Vulnerability in Ruijie RG-EW120G Routers—How Attackers Can Take Over Your Network
In July 2023, security researchers uncovered a critical vulnerability in the Ruijie RG-EW120G router firmware (version 1.(1)B1P5), tracked as CVE-2023-4169. This flaw affects
CVE-2023-33372 - Hard-coded Credentials in Connected IO v2.1. Allow MQTT Hijack & JWT Forgery
In today’s world, Internet of Things (IoT) devices are used everywhere — from factories to smart homes. But a recent flaw, CVE-2023-33372, found in _Connected
CVE-2023-38691 - How matrix-appservice-bridge Allowed User Impersonation via OpenID API Vulnerability
On July 27, 2023, security researchers published details of a critical vulnerability in matrix-appservice-bridge, a popular Node.js package used to build bridges between the
CVE-2023-38487 - HedgeDoc “Note Hiding” Exploit—How Alias Collisions Can Block Access, Enable Phishing, and Denial of Service
Summary:
CVE-2023-38487 exposes a subtle but impactful vulnerability in HedgeDoc, the collaborative markdown note-taking tool. Before version 1.9.9, misuse of its freeURL feature
CVE-2023-37470 - Remote Code Execution in Metabase via H2 Connection String Injection
Metabase is a widely used open-source business intelligence (BI) and analytics platform, popular for helping users visualize and analyze their data with ease. In mid-2023,