CVE-2022-1463 The Booking Calendar plugin is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode up to and including version 9.1
If a user is able to access the booking calendar via a route such as http://host/booking-calendar/(booking_location) they could inject arbitrary code
CVE-2022-29972 An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver may allow a local user to execute arbitrary code.
An attacker may leverage this vulnerability to inject commands into the database or cause the server to process malicious commands. In certain configurations, this may
CVE-2022-29155 In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd.
A remote attacker may leverage this vulnerability to perform SQL injection and may also obtain additional system privileges.
OpenLDAP is updated to 2.5.13
CVE-2022-21227 - How a Simple `toString` in sqlite3 Could Crash Your Node.js App
The software world is full of small missteps that lead to big problems. One such issue is CVE-2022-21227, a vulnerability in the popular Node.js
CVE-2022-20786 - SQL Injection in Cisco Unified Communications Manager IM & Presence Service – Explained and Exploited
In early 2022, Cisco disclosed CVE-2022-20786, a security issue affecting the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM