CVE-2022-32532 - How Misconfigured Regex Can Let Hackers Bypass Authorization in Apache Shiro (Before 1.9.1)
Apache Shiro is a popular security framework for Java, commonly used to handle authentication and authorization in web applications. In 2022, the project disclosed a
CVE-2022-34305 Tomcat versions 10.1.0 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 do not filter user-provided data, which exposes an XSS vulnerability.
This has been fixed in these versions. Apache Tomcat 9.0.0-M1, 8.5.0-8, 8.0.18, 7.x versions and earlier are vulnerable.
CVE-2022-33915 The Amazon AWS Log4j hotpatch package is affected by a race condition that could lead to a local privilege escalation.
In most cases, the hotpatch will run successfully. However, if the process exec()s a SUID binary and the process has not been observed, the
CVE-2022-30147 - Windows Installer Elevation of Privilege Vulnerability Explained (With PoC)
Windows is the backbone of personal and corporate computing. But just like any big system, it has its share of vulnerabilities. One such flaw found
CVE-2022-31054 Argo Events is an automation framework for Kubernetes that uses `ioutil.ReadAll()` before version 1.7.1.
The following versions have been reported to be vulnerable: 1.7.0
1.7.1 To check if your application is vulnerable, open the server&