CVE-2023-37992 - Cross-Site Request Forgery (CSRF) in Smarty for WordPress Plugin (<= 3.1.35) Explained
WordPress is hands down the most popular CMS out there, which makes it an attractive target for attackers. The plugin ecosystem brings huge power to
CVE-2023-43884 - Exploiting a Critical XSS Vulnerability in Subrion v4.2.1 Transactions Panel
Every website running on Subrion v4.2.1 is open to a severe cross-site scripting (XSS) attack, thanks to a bug tracked as CVE-2023-43884. This
CVE-2023-5036 - Exploiting CSRF in usememos/memos (Before .15.1)
If you use the open-source project memos, you should be aware of a critical security flaw tracked as CVE-2023-5036. In versions before .15.1, there
CVE-2023-2848 - How a Missing Header Let Attackers Hijack WebSockets in Movim (Pre-.22)
In the world of open-source social networking, security can sometimes be overlooked. That happened in Movim, a decentralized social platform built on XMPP. Before version
CVE-2023-41935 - Exploiting Timing Attacks in Jenkins Azure AD Plugin (396.v86ce29279947 and Earlier)
Jenkins is a widely used automation server for building, testing, and deploying software projects. With countless plugins for integration, security is always a top concern.
Episode
00:00:00
00:00:00