CVE-2022-29153 Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the client agent follows redirects returned by HTTP health check endpoints.
Tautulli, a software monitoring service, is prone to CSRF via Tautulli’s web monitoring endpoints. Fixed in 1.9.17 and 1.10.10.
On
CVE-2022-27671 A CSRF token visible in the URL may possibly lead to an information disclosure vulnerability.
A CSRF token is usually a hidden piece of information that a server sends back to the client with each request. If you have access
CVE-2022-23972 The ASUS RT-AX56U has an SQL injection vulnerability because it doesn't validate user input.
The RT-AX56U is vulnerable to SQL injection due to insufficient input validation. An attacker can send a specially crafted request to inject SQL code into the database and the database will
CVE-2022-0981 A flaw was found in Quarkus, the popular REST client, which can leak state and permissions from one web request to another.
This issue could be exploited remotely by injecting malicious requests into the application’s communication channels. In certain configurations, it’s also possible for an
CVE-2022-0862 - How a Deprecated McAfee ePO API Let Attackers Change Your Password Remotely
In early 2022, security researchers disclosed CVE-2022-0862, a vulnerability affecting McAfee Enterprise ePolicy Orchestrator (ePO)—specifically, versions before 5.10 Update 13. This post dives