CVE-2022-38801 - How Employees Can Hijack Admin Sessions in ZKTeco BioTime (<8.5.3 Build:20200816.447) Using Blind XSS
ZKTeco’s BioTime is a popular time attendance and workforce management system used worldwide by small and large companies. On August 19, 2022, a severe
CVE-2022-41413 - Deep Dive Into perfSONAR CSRF Vulnerability and How It Can Be Exploited
In late 2022, a critical Cross-Site Request Forgery (CSRF) vulnerability was discovered in perfSONAR, an open source network measurement toolkit widely adopted by education and
CVE-2022-4029 - Reflected Cross-Site Scripting in Simple:Press WordPress Plugin Explained
The world of WordPress plugins is vast, offering millions of users great features—but sometimes, new features come with new risks. Among these risks was
CVE-2022-4027 - Exploiting Stored XSS in Simple:Press WordPress Plugin (<= 6.8)
If you’re running a WordPress site with forums powered by the Simple:Press plugin, there’s an important vulnerability you need to know about.
CVE-2021-31693 - Exploiting XSS in 10Web Photo Gallery Plugin for WordPress (Through 1.5.68)
The 10Web Photo Gallery plugin is popular among WordPress users for creating attractive image galleries. However, security researchers discovered a serious vulnerability—CVE-2021-31693—which can