CVE-2024-36387 - WebSocket Upgrades Over HTTP/2 Cause Null Pointer Dereference and Server Crashes
In June 2024, a critical vulnerability—CVE-2024-36387—was disclosed in popular web server software. This flaw allows attackers to crash server processes by attempting WebSocket
CVE-2024-36991 - Path Traversal Vulnerability in Splunk Enterprise on Windows
Splunk is one of the most popular platforms for searching, monitoring, and analyzing machine-generated big data. If you’re running Splunk Enterprise on Windows, there’
CVE-2024-20399 - How Locals Can Become Root on Cisco NX-OS Devices
In June 2024, a critical security flaw—CVE-2024-20399—was reported in the CLI (Command Line Interface) of Cisco NX-OS Software. This bug isn’t just
CVE-2024-37370 - How Attackers Trick Applications with Modified Kerberos GSS krb5 Wrap Tokens
June 2024 brought an important security update for MIT Kerberos 5 (krb5), fixing a subtle but serious flaw tracked as CVE-2024-37370. In this article, we’
CVE-2024-5730 - Reflected XSS Vulnerability in Pagerank tools WordPress Plugin version 1.1.5
A serious security vulnerability with a CVE-ID of CVE-2024-5730 has been discovered in the Pagerank tools WordPress plugin, specifically in versions up to and including