CVE-2022-0788 The WordPress plugin before 1.5.0 does not sanitize and escape a parameter before using it in a SQL statement, which can be exploited by unauthenticated users.
If a user can inject a WP REST API endpoint via a SQL injection, then the WP REST API can be used to perform any
CVE-2022-26134 - Simple Exploit and Deep Dive on the Confluence OGNL Injection Vulnerability
CVE-2022-26134 is a critical security vulnerability found in Atlassian’s Confluence Server and Data Center. It allows an attacker, with no need to log in
CVE-2022-31023 Framework is vulnerable to generating error messages containing sensitive information.
This issue was discovered by Jan Fisser of WhiteSource. As an extra precaution, it is recommended that users upgrade to version 2.8.16 or
CVE-2022-31018 - Denial of Service in Play Framework's Forms Library due to Deeply Nested JSON
Play Framework is popular among Java and Scala developers for building fast, scalable web applications. However, from version 2.8.3 to 2.8.15,
CVE-2022-27779 - How libcurl’s Trailing Dot Cookie Bug Leaked Cookies Across TLDs
In 2022, a somewhat obscure yet critical security flaw was disclosed in libcurl, the widely used data transfer library. The bug, tracked as CVE-2022-27779, allowed