CVE-2022-24665 PHP Code Snippets were included in 2.0.3 of PHP Everywhere, which allowed execution of code snippets by any user able to edit posts.
This functionality was intentionally disabled by the developers of the plugin in order to prevent any possible security issues.
The snipped code could be posted
CVE-2022-24663 PHP Code Snippets can be executed via WordPress shortcodes in PHP Everywhere =2.0.3.
The snipping functionality was disabled by default in PHP 5.3 and 5.4 due to security issues. If you were using PHP 5.3
CVE-2022-23638 - Security Flaw in svg-sanitizer Library Leads to XSS Attacks
svg-sanitizer is a popular PHP library used for cleaning and validating SVG files. It is commonly integrated in web platforms to ensure that uploaded SVGs
CVE-2022-0557 OS Command Injection in Packagist microweber/microweber prior to 1.2.11.
It has been fixed in version 1.2.12. In older versions, attackers could inject an arbitrary command as GET or POST request parameter by
CVE-2022-22534 - Exploiting SAP NetWeaver Vulnerability to Steal User IDs and Passwords
Summary:
A critical vulnerability, CVE-2022-22534, was discovered in SAP NetWeaver. The flaw is due to insufficient encoding of user input, letting unauthenticated attackers inject code
Episode
00:00:00
00:00:00