CVE-2022-42002 SonicJS through 0.6.0 has file overwrite mutations fileCreate and fileUpdate.
The fileCreate mutation can be called without any authentication. If a developer had access to this mutation, they could easily overwrite any file on an
CVE-2020-15338 The Zyxel CloudCNM SecuManager has a "Use of GET Request Method With Sensitive Query Strings" issue. This issue may be exploited by attackers to access sensitive information.
In these cases, the server may return a different response code than expected. This issue occurs when the GET request method is used with a
CVE-2022-40929 XXL-JOB 2.2.0 has a command execution vulnerability in background tasks.
Microsoft Windows has a feature called background task. It can be used to do tasks at a scheduled time or when the system is idle.
CVE-2022-3075 - A Look Into Chrome’s Mojo Sandbox Escape (with Exploit Details)
Google Chrome is considered one of the most secure web browsers in use today, but its massive codebase sometimes leaves room for dangerous security bugs.
CVE-2022-2861 The Extensions API in Google Chrome prior to 104.0.5112.101 allowed attackers to inject scripts into WebUI.
An attacker could use this to inject content into WebUI, such as a phishing form, or execute arbitrary code. Google Chrome prior to 105.0.