CVE-2023-0925 - Unauthenticated Remote Code Execution in webMethods OneData via Exposed Java RMI
In early 2023, a critical vulnerability—CVE-2023-0925—was discovered in webMethods OneData (version 10.11), a popular data management platform by Software AG. The vulnerability
CVE-2021-36023 - XML Injection in Magento Widgets Leads to Remote Code Execution
CVE-2021-36023 is an _XML Injection_ flaw in the Widgets "Update Layout" functionality within the Magento admin backend. An attacker with administrator permissions can
CVE-2023-39359 - Privilege Escalation & Remote Code Execution in Cacti via Authenticated SQL Injection
Cacti is a widely-used open source monitoring tool for network and server infrastructure. In November 2023, a critical security vulnerability, CVE-2023-39359, was discovered in Cacti’
CVE-2023-40743 - Dangerous Service Lookups in Apache Axis 1.x Can Lead to RCE, SSRF, and DOS
In August 2023, a high-impact vulnerability was disclosed affecting applications based on Apache Axis 1.x, a Java-based SOAP engine. Identified as CVE-2023-40743, this flaw
CVE-2023-4755 - How the Use-After-Free Bug in gpac/gpac <2.3-DEV Was Found and Exploited
In September 2023, a critical software bug was discovered in the popular open-source multimedia framework, gpac/gpac. Labeled CVE-2023-4755, this vulnerability is a Use-After-Free flaw