DiscoverThe Exploit Podcast: CVEs and Security NewsSearch Injection in Mongoose, Insecure Serialization Rosa Open Source, XWiki Realtime Editor Privilege Escalation and more
Search Injection in Mongoose, Insecure Serialization Rosa Open Source, XWiki Realtime Editor Privilege Escalation and more

Search Injection in Mongoose, Insecure Serialization Rosa Open Source, XWiki Realtime Editor Privilege Escalation and more

Update: 2025-01-30
Share

Description

Week ending 16th Jan. This podcast episode delves into recent critical software vulnerabilities, breaking down their technical details and real-world implications. Topics include server-side template injection (SSTI), OAuth nonce predictability, OS command injection, and file upload vulnerabilities. The discussion explores how attackers exploit these weaknesses, the potential impact on systems and users, and best practices for mitigation. Whether you're a cybersecurity professional or just interested in software security, this episode provides valuable insights into the latest threats and defense strategies.


These podcasts are auto-generated from the CVE feeds. Please use the information at your own risk.



Comments 
In Channel
Camera Hijack on Unifi Protect, Dylib Hijacking in Davinci Resolve, Non-deterministic Deserialization in IBC-go, Authentication Bypass in CyberArk, RCE in Uniguest Tripleplay and more

Camera Hijack on Unifi Protect, Dylib Hijacking in Davinci Resolve, Non-deterministic Deserialization in IBC-go, Authentication Bypass in CyberArk, RCE in Uniguest Tripleplay and more

2025-03-0728:46

JWT Validation Failure In Jupyter Hub, Arbitrary File Upload and SQL Injection in Mattermost, Path Traversal File Deletion in Mautic, Desrialization Of Untrusted Data in MetaSlider and more

JWT Validation Failure In Jupyter Hub, Arbitrary File Upload and SQL Injection in Mattermost, Path Traversal File Deletion in Mautic, Desrialization Of Untrusted Data in MetaSlider and more

2025-02-2718:42

Integer Overflow in Mercedes-Benz, RCE via Deserialization in Apache Ignite, Improper Authentication in Orca HCM, Plaintext Password in Netgear C7800 and more

Integer Overflow in Mercedes-Benz, RCE via Deserialization in Apache Ignite, Improper Authentication in Orca HCM, Plaintext Password in Netgear C7800 and more

2025-02-2030:03

Remote code execution via Prompt Injection in PandasAI, Unverified password change vulnerability in Janto, Private Key Extraction in Elliptic (JS) and Regex Denial of Service in Koa and more

Remote code execution via Prompt Injection in PandasAI, Unverified password change vulnerability in Janto, Private Key Extraction in Elliptic (JS) and Regex Denial of Service in Koa and more

2025-02-1326:20

Django Unicorn Class Pollution, GeoTools XPath Manipulation, Eladmin CSV Injection, Zimbra SQL Injection, Woocomerce Taxi Booking Deserialization and more

Django Unicorn Class Pollution, GeoTools XPath Manipulation, Eladmin CSV Injection, Zimbra SQL Injection, Woocomerce Taxi Booking Deserialization and more

2025-02-0620:20

Code Injection via UnTar in DJL, Header Bypass in ismp-grandpa, Arbitrary File Upload in Wordpress Plugin and more

Code Injection via UnTar in DJL, Header Bypass in ismp-grandpa, Arbitrary File Upload in Wordpress Plugin and more

2025-01-3034:55

Account Takeover in Wordpress Plugin, SQL Injection in APlus, SSRF in Apache Ranger UI and more

Account Takeover in Wordpress Plugin, SQL Injection in APlus, SSRF in Apache Ranger UI and more

2025-01-3022:57

Search Injection in Mongoose, Insecure Serialization Rosa Open Source, XWiki Realtime Editor Privilege Escalation and more

Search Injection in Mongoose, Insecure Serialization Rosa Open Source, XWiki Realtime Editor Privilege Escalation and more

2025-01-3019:06

OpenVPN Code Injection, go-git Command Injection, Perl OAuth Nonce Manipulation and more

OpenVPN Code Injection, go-git Command Injection, Perl OAuth Nonce Manipulation and more

2025-01-3016:11

Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

Search Injection in Mongoose, Insecure Serialization Rosa Open Source, XWiki Realtime Editor Privilege Escalation and more

Search Injection in Mongoose, Insecure Serialization Rosa Open Source, XWiki Realtime Editor Privilege Escalation and more

SecurityPod