CVE-2022-25644 Package @pendo324/get-process-by-name is vulnerable to Arbitrary Code Execution due to improper sanitization.
To exploit this issue, an attacker needs to construct a malicious .js file and feed it to a user. This can be done by uploading
CVE-2022-36614 Totolink A860R v4.1.2cu.5182_B20201027 had a hardcoded password for root at /etc/shadow.sample.
A hardcoded password, such as this one, is a very bad sign. It means that the device was probably developed by a third party. The
CVE-2022-31499 An attacker can inject OS commands into E3-Series devices before 0.32-08f.
This issue has been assigned the CVE identifier CVE-2019-7256. In the above-mentioned devices, there is a race condition in the handling of the PRN bit
CVE-2022-37333 An injection vulnerability in Exment (PHP8, 7, and 2.5) allows remote attackers to inject arbitrary web
users.
The SQL injection flaw was discovered by Tavis Ormandy of Google. The problem resides in Exment's integration with the Laravel ecosystem. This
CVE-2022-25942 An OOB read vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially crafted GIF file can lead to code execution.
HDF5 is a high-performance data storage format used in a wide range of fields such as scientific research, genomics, and big data analytics. HDF5 is