CVE-2022-4037 - GitLab Race Condition Allows Email Spoofing and Account Takeover
In late 2022, a serious vulnerability was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE)—tracked as CVE-2022-4037. This issue directly affects all
CVE-2022-30258 Technitium DNS Server through 8.0.2 has a V2 domain name resolution vulnerability, which can be exploited to resolve revoked or malicious domains.
An exploit would be successful if an attacker controls a legitimate DNS name, for example using a subdomain of a legitimate domain. An exploit would
CVE-2022-42883 - Sensitive Information Disclosure in Quiz And Survey Master Plugin <= 7.3.10 (WordPress) – Full Analysis & Exploit Details
Posted by: SecurityExplainedAI
Introduction
WordPress is the world’s most popular CMS, so it’s a prime target for both researchers and attackers. One of
CVE-2022-43687 Concrete CMS 9.0.0 - 9.1.2 does not issue a new session ID upon successful OAuth authentication.
If you have a lot of end users who don’t keep their login details up to date, this issue can lead to situations where
CVE-2022-43693 - Concrete CMS CSRF Flaw in Core OAuth – How Attackers Can Hijack Your Login
Concrete CMS is a popular open-source content management system powering many government and enterprise websites. In late 2022, a worrying vulnerability — now tracked as CVE-2022-43693