CVE-2022-33328 Command injection vulnerabilities exist in the web_server ajax endpoints of Robustel R1510 3.3.0. A specially-crafted network packet can lead to arbitrary command execution.
This API is used to remove license product codes. The attacker can send specially-crafted requests to inject their own commands, bypassing the intended operations. There
CVE-2022-26135 The Mobile Plugin for Jira Data Center and Server has an endpoint that can be brute-forced by a remote, authenticated user.
The vulnerability can be exploited if the user has permissions to access the ‘batch’ feature on the target server. We recommend not relying on this
CVE-2022-31052 Synapse is an open source Matrix home server; earlier versions had a URL preview issue caused by recursion.
This problem has been around since the very first public release of Synapse in February 2013, and it is unlikely to be fixed in the
CVE-2022-31090 - Sensitive Authorization Header Leak in Guzzle When Following Redirects—What You Should Know
If you use Guzzle, the popular PHP HTTP client, for making web requests, there's an important security vulnerability you need to know about—
CVE-2022-31093 NextAuth.js is a complete open source authentication solution for Next.js applications
A possible attack vector to consider is when the user inputs a `callbackUrl` value that can be coerced into a valid `URL` object. We have