CVE-2024-42326 - How a Use-After-Free Bug in browser.c’s `es_browser_get_variant` Enabled Critical Exploitation
On June 10, 2024, a critical vulnerability—CVE-2024-42326—was disclosed affecting a number of applications using the es_browser_get_variant function in the open-source
CVE-2024-42327 - Zabbix API SQL Injection Exploit in CUser.get – How Any API User Can Hack Your Database
---
Introduction
Yet another major security hole has been found in the world of network monitoring—this time in Zabbix, the popular open-source platform used
CVE-2024-11667 - Directory Traversal in Zyxel ATP, USG FLEX, and USG20(W)-VPN – Exploit Details and Practical Example
Zyxel’s security appliances are commonly used in offices and remote work locations. Recently, a serious vulnerability (CVE-2024-11667) was discovered in the web management interfaces
CVE-2024-36467 - How Authenticated API Users Can Escalate Privileges in Zabbix (Risk & Exploit Explained)
Zabbix is a popular, open-source monitoring platform widely used in IT environments. In June 2024, a critical security vulnerability—CVE-2024-36467—was disclosed. Simply put, if
CVE-2024-5921 - How Palo Alto Networks GlobalProtect’s Certificate Validation Flaw Puts Endpoints at Risk
TL;DR:
A recently discovered security bug—CVE-2024-5921—in Palo Alto Networks’ GlobalProtect app makes it possible for attackers to connect the VPN client to