CVE-2024-1657 - Insecure WebSocket in Ansible Automation Platform Lets Attackers Steal Rulebook Data
Summary:
In early 2024, a critical vulnerability (CVE-2024-1657) was identified in the Ansible Automation Platform. This issue was caused by the use of an insecure
CVE-2024-23898 - Breaking Jenkins Security – A Deep Dive into Critical CSWSH Vulnerability (with Exploit Details)
Jenkins is one of the most popular automation servers out there. Hundreds of thousands of companies rely on it to build, test, and ship their
CVE-2023-2848 - How a Missing Header Let Attackers Hijack WebSockets in Movim (Pre-.22)
In the world of open-source social networking, security can sometimes be overlooked. That happened in Movim, a decentralized social platform built on XMPP. Before version
CVE-2023-29505 - WebSocket Hijacking in Zoho ManageEngine Network Configuration Manager 12.6.165
In April 2023, a serious security vulnerability—CVE-2023-29505—was discovered in Zoho ManageEngine Network Configuration Manager (NCM) version 12.6.165. This flaw allows cross-site
CVE-2023-38503 - Unauthorized Data Leak via GraphQL Subscriptions in Directus (Exploit & Details)
Directus is a popular, open-source headless CMS that acts as both an app dashboard and real-time API for SQL databases. In 2023, a major authorization
Episode
00:00:00
00:00:00