CVE-2024-9778 - How a Simple CSRF Bug in ImagePress Plugin Can Compromise Your WordPress Site
The WordPress plugin ImagePress – Image Gallery is widely used for displaying beautiful image galleries on blogs and portfolio websites. However, a dangerous security flaw — officially
CVE-2024-9707 - WordPress Hunk Companion Plugin Exploit – Unauthorized Plugin Activations and the Road to RCE
CVE-2024-9707 is a serious security bug found in the popular Hunk Companion plugin for WordPress. If your website uses this plugin (versions 1.8.4
CVE-2024-9164 - How a GitLab EE Vulnerability Lets Attackers Run Pipelines on Any Branch
Introduction
In June 2024, a serious vulnerability (CVE-2024-9164) was disclosed affecting GitLab Enterprise Edition (EE). The
CVE-2024-21534 - Remote Code Execution in jsonpath-plus Before 10..7 — How the Vulnerability Works and How to Stay Safe
jsonpath-plus is a popular Node.js library for evaluating JSONPath expressions over JSON data. It's widely used in projects needing powerful querying capabilities
CVE-2024-9487 - GitHub Enterprise Server SAML SSO Authentication Bypass — Vulnerability Deep Dive
In early 2024, security researchers uncovered a serious flaw—CVE-2024-9487—affecting GitHub Enterprise Server (GHES). This vulnerability allowed attackers to bypass SAML Single Sign-On (SSO)