CVE-2022-20763 - Exploiting Java Code Injection in Cisco Webex Meetings Login (Explained with Code and Attack Details)
Cisco Webex Meetings is one of the most popular tools for online meetings and video conferencing. However, in 2022, a critical vulnerability was discovered in
CVE-2022-22965 An MVC or Spring WebFlux application may be vulnerable to remote code execution if it runs on Tomcat as a WAR deployment.
If the application is running on JDK 9, i.e. Spring Boot 1.4 or later, it is not vulnerable. It is possible for an
CVE-2022-24299 - How Improper Input Validation in pfSense Could Let Attackers Run Any Command
If you're running pfSense for your network firewall or VPN, you need to know about CVE-2022-24299. This is a serious security weakness that,
CVE-2022-27772 Spring Boot version 2.2.11 was vulnerable to temp directory hijacking.
For more information, see Trend Micro's knowledge base: https://support.trendmicro.com/hc/en-u/articles/20360188-How-can-I-prevent-spring-boot-vulnerabilities. We recommend upgrading to Spring Boot v2.
CVE-2022-25517 - SQL Injection Vulnerability in MyBatis Plus v3.4.3 via AbstractWrapper.java Column Parameter
MyBatis Plus is a popular enhancement of the MyBatis framework, widely used in Java applications for simplifying database operations. In early 2022, researchers discovered a