Endor Labs notes in their report that Thymeleaf has defense-in-depth layers to block dangerous expressions and in this case two of them failed. For example, a string check scanned the …
Tag:
critical
Safety & Security
Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs
by David Walker
Ravie LakshmananFeb 18, 2026Vulnerability / Software Security Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if successfully exploited, could allow …
Researchers warn that a critical vulnerability patched this week in BeyondTrust Remote Support is being exploited in the wild to compromise self-hosted deployments, including Bomgar remote support appliances, which included …
Safety & Security
Ivanti patches two actively exploited critical vulnerabilities in EPMM
by David Walker
The company advises triaging logs with the ^(?!127\.0\.0\.1:\d+ .*$).*?\/mifs\/c\/(aft|app)store\/fob\/.*?404 regular expression and looking for HTTP 404 error response codes as well as GET requests with parameters that have bash commands. …
The year has barely begun, but 2026 is already in familiar territory for Fortinet customers, as a new vulnerability has come under attack. On Jan. 13, Fortinet disclosed a critical …
Erik Avakian, technical counselor at Info-Tech Research Group, explained why this is an issue. “There’s a critical flaw in the management server in how one of its background services handles …
Attackers are actively exploiting a critical vulnerability in MongoDB to steal sensitive information directly from an affected server’s memory. The attacks appear to have started on Dec. 29, barely three …
Safety & Security
Critical vulnerability in IBM API Connect could allow authentication bypass
by David Walker
This, said Gogia, further elevates the risk. “That is not a cosmetic detail,” he noted. “Management planes define configuration truth, lifecycle control, and operational authority across the platform. When remediation …
Safety & Security
CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution
by David Walker
Dec 30, 2026Ravie LakshmananVulnerability / Email Security The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that …
Safety & Security
Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection
by David Walker
Dec 26, 2025Ravie LakshmananAI Security / DevSecOps A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even …
- 1
- 2