CVE-2022-37623 - Exploiting Prototype Pollution in browserify-shim’s resolveShims Function
Summary:
In 2022, a prototype pollution vulnerability was discovered in the popular JavaScript library, browserify-shim, specifically in its resolveShims.js file. Assigned CVE-2022-37623, this bug
CVE-2022-44019 - Remote Command Execution in Total.js 4 `/api/common/ping` Endpoint
In November 2022, a critical vulnerability was found in the Total.js 4 framework, before commit e5ace7. This security bug, now known as CVE-2022-44019, lets
CVE-2022-43286 - A Deep Dive Into the Heap-Use-After-Free in Nginx NJS v.7.2
In late October 2022, a heap-use-after-free vulnerability, now known as CVE-2022-43286, was publicly disclosed in Nginx’s njs scripting engine (version .7.2). This subtle
CVE-2022-3708 - SSRF in WordPress Web Stories Plugin – What You Need to Know (With Exploit Example)
Summary:
The WordPress Web Stories plugin lets you easily create visually rich, mobile-focused stories for your site. But in versions up to and including 1.
CVE-2022-3401 - Remote Code Execution in Bricks WordPress Theme (Versions 1.2 – 1.5.3)
WordPress powers more than 40% of all websites, and its extensibility through themes and plugins is both a strength and a weakness. In mid-2022, a