CVE-2022-36784 - Remote Code Execution in Elsight Halo’s WiFi Ping API Endpoint
CVE-2022-36784 is a critical remote code execution (RCE) vulnerability affecting the Elsight Halo device—a popular product for secure data communication over cellular and WiFi
CVE-2022-43506 In Delta Electronics DIAEnergie v1.9.02.001, SQL Injection can be done via Network.
communication. This can be leveraged to control the functionality of the device and obtain sensitive information. Delta Electronics DIAEnergie version 1.9.02.001 and
CVE-2022-43452 In Delta Electronics DIAEnergie versions before v1.9.02.001, SQL Injection can be
injected.
request when DIAEnergie is configured to expose an external database. DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries
CVE-2022-45071 The premium WPML Multilingual plugin has a CSRF vulnerability.
CSRF is a type of web application vulnerability that occurs when an attacker tricks a user into performing an action on a web application that
CVE-2021-33897 - Buffer Overflow and Improper Path Handling in Synthesia – Easy App Crash Exploit
Disclosure Timeline
References:
- CVE-2021-33897 NVD Entry
- Synthesia Official Site
Introduction
Synthesia is a popular educational music application for learning and playing MIDI songs,
Episode
00:00:00
00:00:00