CVE-2023-38703 - The PJSIP SRTP Use-After-Free Vulnerability Explained
If you're building or maintaining VoIP or multimedia communication apps using PJSIP, you need to know about CVE-2023-38703. This long-read post will take
CVE-2023-4586 - Exposing Hot Rod Client to MITM Attacks Due to Disabled Hostname Validation
In June 2023, security experts discovered a vulnerability identified as CVE-2023-4586 affecting the Hot Rod client—a Java-based protocol used by Infinispan and other distributed
CVE-2023-39410 - Apache Avro Deserialization Bug Can Crash Java Applications – A Deep Dive
In today's world, data interchange formats like Avro are everywhere – powering everything from big data pipelines to messaging systems. But what happens when
CVE-2023-43856 - Arbitrary File Read Vulnerability in Dreamer CMS v4.1.3 Explained
In September 2023, an arbitrary file read vulnerability — now tracked as CVE-2023-43856 — was found in Dreamer CMS v4.1.3. This bug could let an
CVE-2023-5183 - Exploiting Unsafe JSON Deserialization in Illumio PCE’s network_traffic API Endpoint
In early 2023, a critical vulnerability—CVE-2023-5183—was disclosed, affecting the Illumio Policy Compute Engine (PCE), a widely-deployed security solution in enterprise environments. This vulnerability