CVE-2023-38646 - Breaking Metabase—How Unauthenticated Remote Code Execution Rocked BI Servers
If you’re using Metabase for business intelligence or dashboarding, there’s a critical security warning you need to hear about. CVE-2023-38646 is a high-impact
CVE-2023-3484 - How GitLab EE Group Name Path Flaw Lets Attackers Hijack Top-Level Groups
On June 1st, 2023, a new vulnerability was published in GitLab Enterprise Edition (EE) affecting all versions starting from 12.8 up to—but not
CVE-2023-37649 - How Incorrect Access Controls in Cockpit CMS v2.5.2 Expose Sensitive Data
Cockpit CMS is a popular, headless content management system (CMS) widely embraced by developers building flexible, API-powered websites and apps. But sometimes, even flexible power
CVE-2023-31461 - Exploiting SteelSeries GG’s Open API Listener for Remote Code Execution
SteelSeries GG is a popular gaming software suite used worldwide to manage hardware, macros, and other features on SteelSeries peripherals. On April 24th, 2023, a
CVE-2023-32482 - How a Simple Auth Flaw in Wyse Management Suite Lets Attackers Push Policies Across Tenant Groups
Update: Wyse Management Suite versions before 4. are vulnerable to a serious flaw (CVE-2023-32482) that could let any user with privileged access bypass key