CVE-2022-42110 An XSS vulnerability in Liferay Portal and Liferay DXP allows remote attackers to inject arbitrary web script.
When creating a new Announcement, the application does not properly sanitize user-supplied input, resulting in XSS. When editing an existing Announcement, the application does not
CVE-2022-3993 Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3.
Credit goes to Ting Liu from Nanjgtech for reporting this. Kavita prior to 0.6.0.3 did not have any protection against user-provided information
CVE-2022-45136 Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker controls the JDBC URL or causes the underlying database server to return malicious data.
Apache Jena TDB is a drop-in replacement for Apache Jena SDB and can be used in the same applications without any changes required. The Apache
CVE-2022-45378 Apache SOAP's RPCRouterServlet has no authentication, which gives attackers the ability to invoke methods on the classpath.
Because Apache SOAP versions 1.2, 1.3 and 1.4 are no longer supported, this vulnerability poses a critical risk
CVE-2022-27949: Unmasking Secrets in Apache Airflow UI – Don't Get Caught in the Wind!
A recent vulnerability affecting Apache Airflow, tracked as CVE-2022-27949, exposes secrets in the platform's UI component. Apache Airflow is widely used for building,