CVE-2022-23863 - How an Authenticated User Can Change Any Password in Zoho ManageEngine Desktop Central (before 10.1.2137.10)
In February 2022, a critical vulnerability (CVE-2022-23863) was discovered in Zoho’s ManageEngine Desktop Central, affecting software versions prior to 10.1.2137.10. This
CVE-2022-21686 - Twig Code Injection in PrestaShop Back Office (Simple Exploit Analysis)
PrestaShop is a very popular open-source e-commerce platform that’s been powering thousands of online stores worldwide. But like many complex platforms, it has its
CVE-2022-23993 - How a Simple Echo in pfSense’s pkg.php Opened the Door to XSS
If you run pfSense as your firewall, you know just how critical patches and security are. Today, we'll deep-dive into CVE-2022-23993—a now-fixed
CVE-2022-0378 - Reflected Cross-Site Scripting (XSS) in Microweber < 1.2.11—How Hackers Could Exploit Your Website
Microweber is an open-source drag-and-drop website builder powered by Laravel. It's quite popular within the PHP and Laravel community, particularly for folks wanting
CVE-2022-0335 - CSRF Vulnerability in Moodle’s “Delete Badge Alignment” – How It Works and How to Protect Your Site
Moodle, the world’s most popular LMS, had a security flaw in versions 3.11 to 3.11.4, 3.10 to 3.10.8,