CVE-2026-40478 - Breaking Down The Thymeleaf SSTI Security Bypass Vulnerability (With Code & Exploit Details)
In April 2026, a new vulnerability was published for Thymeleaf, a popular Java template engine used by thousands of web applications: CVE-2026-40478. This issue allows
CVE-2026-5052 - Vault PKI ACME Validation Bypass – Local Network Danger Explained
A newly disclosed vulnerability, CVE-2026-5052, impacts HashiCorp Vault's Public Key Infrastructure (PKI) engine, particularly when using the Automatic Certificate Management Environment (ACME) protocol.
CVE-2026-6298 - Heap Buffer Overflow in Skia (Google Chrome) – Critical InfoLeak Exploit Explained
Chrome has long been known for its emphasis on security, but occasionally, critical vulnerabilities still slip through the cracks. One such bug, CVE-2026-6298, was discovered
CVE-2026-40175 - Prototype Pollution to RCE in Axios — A Deep Dive
If you’re building with JavaScript, there's a good chance you’ve used Axios for your HTTP requests. It’s everywhere — in backend
CVE-2025-62718 - Axios Proxy Bypass & SSRF Vulnerability Due to Improper NO_PROXY Hostname Handling
Axios is a massively popular HTTP client library for both Node.js and browsers with tens of millions of downloads each week. Many developers trust