CVE-2023-20214 - How a REST API Flaw in Cisco SD-WAN vManage Exposed Configurations
In June 2023, Cisco announced a major vulnerability—CVE-2023-20214—in its SD-WAN vManage software REST API. This isn’t just another hard-to-exploit bug. For organizations
CVE-2023-37497 - How XXE Attacks Exposed Unica’s Backend Through Arbitrary XML APIs
In the world of cybersecurity, vulnerabilities in seemingly secure enterprise products pose serious risks. In 2023, a critical flaw was found in the Unica application,
CVE-2023-35081 - Path Traversal Vulnerability in Ivanti EPMM Enables Authenticated Admins To Write Arbitrary Files
Introduction
In July 2023, cybersecurity professionals and vendors raised alarms over a new severe vulnerability affecting Ivanti Endpoint Manager Mobile (EPMM). The bug—CVE-2023-35081—
CVE-2023-21410 - Unauthenticated Remote Command Execution in AXIS License Plate Verifier's api.cgi
TL;DR:
A critical vulnerability (CVE-2023-21410) in AXIS License Plate Verifier lets attackers run system commands remotely via the “api.cgi” endpoint. The root cause
CVE-2023-4008 - How Random String Exposure Allowed GitLab Pages Domain Takeover
In August 2023, a critical vulnerability was reported in GitLab CE/EE called CVE-2023-4008. This issue impacts systems running GitLab Community and Enterprise Editions from