CVE-2022-26119 - Exploiting Fortinet FortiSIEM’s Hardcoded Glassfish Password for Unauthorized Access
Fortinet, a well-known security vendor, offers FortiSIEM – a product for Security Information and Event Management (SIEM) used by thousands of organizations to monitor and respond
CVE-2022-42252 - Apache Tomcat’s Smuggling Time Bomb – Explaining the Vulnerability, Exploit Steps, and Prevention
Apache Tomcat is one of the internet’s most trusted open-source web servers for running Java applications. But like all software, Tomcat can sometimes give
CVE-2022-2572 In affected versions of Octopus Server, it was possible that the API key/keys of a deleted user were still valid.
As a result, it was possible for that user or group to request access to the API via the management interface. Fixed in Version 3.
CVE-2022-39026 - How Insufficient Header Filtering in U-Office Force UserDefault Enables Nasty Stored XSS Attacks
---
Introduction: What is CVE-2022-39026?
CVE-2022-39026 is a serious web security vulnerability found in the U-Office Force UserDefault page. This flaw happens because the application
CVE-2022-40739 - Exploiting XSS Vulnerability in Ragic Report Generation Page
In September 2022, a security vulnerability labeled CVE-2022-40739 was disclosed, affecting the popular cloud-based database builder, Ragic. This flaw allows attackers with basic access to