CVE-2023-31485 - Exploiting Insecure GitLab API v4 Connections (No TLS Cert Check)
In 2023, security researchers discovered a critical flaw in the popular GitLab::API::v4 Ruby gem—a tool widely used by developers and automation scripts
CVE-2023-0922 - How Samba Exposed Your Reset Passwords Over Unencrypted Connections (With Exploit Example)
---
Overview
In early 2023, a major security flaw hit Samba’s Active Directory Domain Controller (AD DC) admin tool. Tagged CVE-2023-0922, this bug exposed
CVE-2023-23915 - How a Parallel Request Bug in curl <v7.88. Leaks Your Data
curl is one of the most popular command-line tools for transferring data, used everywhere from simple downloads to enterprise scripts and critical infrastructure. It’s
CVE-2022-46176 - How Cargo’s Missed SSH Host Key Check Opened the Door to MITM Attacks
CVE-2022-46176 is a serious vulnerability that affected the Cargo package manager, the tool used by most Rust programmers. This bug allowed attackers to perform man-in-the-middle
CVE-2022-39334 - How a Nextcloud CLI Vulnerability Could Expose Your Secrets
If you use Nextcloud for syncing files and automation, you probably appreciate its flexibility. For advanced scenarios, there’s a command-line tool called nextcloudcmd that