CVE-2024-54151 - Critical Directus WebSockets Vulnerability—How Unauthenticated Users Can Become Admins
Directus is a popular open-source platform that turns any SQL database into a powerful real-time API and user-friendly admin dashboard. With Directus, teams can manage
CVE-2024-9693 - How a GitLab Kubernetes Agent Flaw Risked Your Cluster – Explained with Code and Exploit Details
In early 2024, GitLab disclosed a serious vulnerability (CVE-2024-9693) affecting its Community Edition (CE) and Enterprise Edition (EE) products. This vulnerability put countless Kubernetes clusters
CVE-2024-52532 - Infinite Loop and Memory Exhaustion in GNOME libsoup’s WebSocket Handling
A critical vulnerability has been found in the popular GNOME libsoup library, identified as CVE-2024-52532. This bug can lead to memory exhaustion and application hangs
CVE-2024-42340 - Breaking Down CyberArk’s Dangerous Client-Side Security Flaw (CWE-602)
In June 2024, a critical security vulnerability was disclosed in the CyberArk Privileged Access Security (PAS) Solution, tracked as CVE-2024-42340. This vulnerability is rooted in
CVE-2024-36387 - WebSocket Upgrades Over HTTP/2 Cause Null Pointer Dereference and Server Crashes
In June 2024, a critical vulnerability—CVE-2024-36387—was disclosed in popular web server software. This flaw allows attackers to crash server processes by attempting WebSocket