CVE-2022-39360 - How a Metabase SSO Flaw Let Attackers Reset Passwords
Metabase is a popular, open-source data visualization and business intelligence tool, often used by organizations to create dashboards and share insights from databases and other
CVE-2022-3474 - Critical Credential Leak in Bazel’s Remote Asset API Explained
Bazel is a popular build tool from Google, trusted by large companies and open-source developers to manage fast, reliable builds and tests. But like any
CVE-2022-25849 - Vulnerability in joyqi/hyper-down Causes XSS Through Unfiltered Markdown Links
In the ever-changing world of web security, Cross-site Scripting (XSS) remains a stubborn and dangerous vulnerability, often lurking where input isn’t sanitized properly. In
CVE-2022-43680 libexpat through 2.4.9 has a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
This could lead to crashes and/or denial of service if a large number of entities were being parsed or if an attacker could supply
CVE-2022-41797 Inappropriate authorization in handler for custom URL scheme vu
t can lead to access to arbitrary website.
The attacker can send malicious links or emails to the user via malicious websites or take advantage of compromised user accounts. Invalid authorization can be