Search Injection in Mongoose, Insecure Serialization Rosa Open Source, XWiki Realtime Editor Privilege Escalation and more

The Exploit Podcast: CVEs and Security News
30/01/2025 19 min Temporada 1 Episodio 2

Listen "Search Injection in Mongoose, Insecure Serialization Rosa Open Source, XWiki Realtime Editor Privilege Escalation and more"

Descargar episodio Ver en sitio original

Episode Synopsis

Week ending 16th Jan. This podcast episode delves into recent critical software vulnerabilities, breaking down their technical details and real-world implications. Topics include server-side template injection (SSTI), OAuth nonce predictability, OS command injection, and file upload vulnerabilities. The discussion explores how attackers exploit these weaknesses, the potential impact on systems and users, and best practices for mitigation. Whether you're a cybersecurity professional or just interested in software security, this episode provides valuable insights into the latest threats and defense strategies.
These podcasts are auto-generated from the CVE feeds. Please use the information at your own risk.

More episodes of the podcast The Exploit Podcast: CVEs and Security News

Camera Hijack on Unifi Protect, Dylib Hijacking in Davinci Resolve, Non-deterministic Deserialization in IBC-go, Authentication Bypass in CyberArk, RCE in Uniguest Tripleplay and more 07/03/2025
JWT Validation Failure In Jupyter Hub, Arbitrary File Upload and SQL Injection in Mattermost, Path Traversal File Deletion in Mautic, Desrialization Of Untrusted Data in MetaSlider and more 27/02/2025
Integer Overflow in Mercedes-Benz, RCE via Deserialization in Apache Ignite, Improper Authentication in Orca HCM, Plaintext Password in Netgear C7800 and more 20/02/2025
Remote code execution via Prompt Injection in PandasAI, Unverified password change vulnerability in Janto, Private Key Extraction in Elliptic (JS) and Regex Denial of Service in Koa and more 13/02/2025
Django Unicorn Class Pollution, GeoTools XPath Manipulation, Eladmin CSV Injection, Zimbra SQL Injection, Woocomerce Taxi Booking Deserialization and more 06/02/2025
Code Injection via UnTar in DJL, Header Bypass in ismp-grandpa, Arbitrary File Upload in Wordpress Plugin and more 30/01/2025
Account Takeover in Wordpress Plugin, SQL Injection in APlus, SSRF in Apache Ranger UI and more 30/01/2025
OpenVPN Code Injection, go-git Command Injection, Perl OAuth Nonce Manipulation and more 30/01/2025
© 2003-2025 ZARZA | AHEAD OF OUR TIME
privacy policy
In God we trust In God we trust
PreSales Questions? Click Here
or call our toll-free line at +1-888-5002068 Miami, Florida, USA