CVE-2023-40827 - Remote Code Execution & Information Leak in PF4J via `loadpluginPath` Parameter
In August 2023, a serious security vulnerability was discovered in PF4J (v.3.9. and prior), a popular Java plugin framework. Identified as CVE-2023-40827, this
CVE-2023-34040 - Deserialization Attack Risk in Spring for Apache Kafka—What You Need To Know
In the world of data streaming, Apache Kafka is a powerful tool, while Spring for Apache Kafka makes it much easier to build Java apps
CVE-2022-44729 - Server-Side Request Forgery (SSRF) Vulnerability in Apache XML Graphics Batik (Versions 1.16 and Below)
Recently, a critical vulnerability (CVE-2022-44729) came to light in the Apache XML Graphics Batik library. This security issue can be exploited to perform Server-Side Request
CVE-2022-40433 - Denial of Service in HotSpot JVM’s ciMethodBlocks::make_block_at Function — Exploit Details and Simple Breakdown
Java is everywhere, running millions of apps and systems. The Java Virtual Machine (JVM) is what makes Java code run, and Oracle’s HotSpot is
CVE-2022-46751 - Understanding and Exploiting XML External Entity (XXE) & XML Injection in Apache Ivy
CVE-2022-46751 is a critical vulnerability affecting all versions of Apache Ivy prior to 2.5.2. The flaw resides in how Ivy handles XML files—