CVE-2022-36315 Subresource Integrity protects against script reuse when an injection attack occurs.
If the integrity service is enabled for a script, it can be triggered by injecting a fake script that appears to come from a trusted
CVE-2022-29914 Reusing existing popups could have allowed for browser spoofing attacks.
Thunderbird and Firefox are not vulnerable if they are using the --force-fullscreen command line argument. All versions of the browser are vulnerable to clickjacking
CVE-2022-22743 An attacker-controlled tab could make the browser unable to leave fullscreen mode.
Firefox users that are relying on Google Chrome or Microsoft Edge to view sites that have been changed to require full-screen mode are advised
CVE-2022-43548 An OS command injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed due to IsIPAddress not properly checking if an IP address is invalid.
The issue can be exploited by an attacker via a remote code execution attack. The vulnerability can be exploited by an attacker to execute arbitrary
CVE-2022-38803 - How a Simple XSS in Zkteco BioTime Leads to Local File Read — Exploit and Details
Zkteco BioTime is a widely used time and attendance management platform, especially popular in organizations that need biometric punch and leave management. In mid-2022,
Episode
00:00:00
00:00:00