CVE-2024-35349 - Critical SQL Injection in Diño Physics School Assistant 2.3 – Full Exploit & Analysis
In June 2024, security researchers identified a dangerous SQL Injection vulnerability in Diño Physics School Assistant, version 2.3. The flaw affects the /admin/category/
CVE-2024-22641 - ReDoS Vulnerability in TCPDF When Parsing Untrusted SVG Files
On January 17, 2024, CVE-2024-22641 was published. This vulnerability affects TCPDF, a popular PHP library for generating PDF documents. Specifically, TCPDF versions 6.6.5
CVE-2024-35621 - Exploiting XSS in Formwork Edit Function (Before 1.13.)
CVE-2024-35621 is a critical cross-site scripting (XSS) vulnerability that affects the Edit function in Formwork versions before 1.13.. By leveraging this flaw, attackers can
CVE-2024-36428 - Understanding and Exploiting the OrangeHRM 3.3.3 SQL Injection via admin/viewProjects sortOrder
In June 2024, a new SQL Injection vulnerability—CVE-2024-36428—was disclosed in the open-source human resource management platform OrangeHRM version 3.3.3. This vulnerability
CVE-2024-35374 - Remote Code Execution in Mocodo Online via Unsanitized `sql_case` Input
A critical security vulnerability, CVE-2024-35374, has been identified in Mocodo Online, affecting version 4.2.6 and below. This flaw allows attackers to perform remote