CVE-2023-38503 - Unauthorized Data Leak via GraphQL Subscriptions in Directus (Exploit & Details)
Directus is a popular, open-source headless CMS that acts as both an app dashboard and real-time API for SQL databases. In 2023, a major authorization
CVE-2022-46898 - Vocera Report Server Path Traversal & SQL Injection via Unsanitized Filename
In 2022, a significant vulnerability (CVE-2022-46898) was discovered in Vocera Report Server and Voice Server versions 5.x through 5.8. This flaw allows an
CVE-2022-46901 - Unauthenticated Websocket Exploit in Vocera Voice & Report Server 5.x
Vocera, widely used across healthcare and enterprise environments for hands-free communication, suffered a serious vulnerability in its 5.x software line. In late 2022, CVE-2022-46901
CVE-2023-2850: NodeBB Cross-Site WebSocket Hijacking Vulnerability Puts User Information at Risk
A recently discovered vulnerability, CVE-2023-2850, affects NodeBB, which is a popular open-source forum software for web applications. This vulnerability exploits a security hole in the
CVE-2023-23602 - How a WebWorker Bypass Put Firefox Users at Risk
Web security matters. Sometimes, even small mistakes can open up surprising holes, and that's exactly what happened with CVE-2023-23602, a vulnerability that slipped