CVE-2022-32173 In v1.2.2 of Orchard Core, an authenticated user with an editor security role can inject a modal dialog component into the dashboard that will affect admin users.
This can be used to issue admin-level warnings or even perform actions as a logged-in user. To exploit this issue, an attacker must trick
CVE-2022-42002 SonicJS through 0.6.0 has file overwrite mutations fileCreate and fileUpdate.
The fileCreate mutation can be called without any authentication. If a developer had access to this mutation, they could easily overwrite any file on an
CVE-2020-15338 The Zyxel CloudCNM SecuManager has a "Use of GET Request Method With Sensitive Query Strings" issue. This issue may be exploited by attackers to access sensitive information.
In these cases, the server may return a different response code than expected. This issue occurs when the GET request method is used with a
CVE-2022-40929 XXL-JOB 2.2.0 has a command execution vulnerability in background tasks.
Microsoft Windows has a feature called background tasks. It can be used to run tasks at a scheduled time or when the system is idle.
CVE-2022-3075 - A Look Into Chrome’s Mojo Sandbox Escape (with Exploit Details)
Google Chrome is considered one of the most secure web browsers in use today, but its massive codebase sometimes leaves room for dangerous security bugs.