FastJson Library – RCE

Researchers at JFrog have disclosed details of a now-patched high-severity security vulnerability in the popular Fastjson library that could potentially be exploited to achieve remote code execution (RCE). Fastjson is a Java…
Java Digital Signature Bypass Vulnerability

Security researcher Khaled Nassar released PoC code for a new digital signature bypass vulnerability in Java, tracked as CVE-2022-21449 (CVSS score: 7.5). An unauthenticated attacker with network access via multiple…
Apache Struts Critical Vulnerability

Apache has fixed a critical vulnerability in Struts that was previously believed to have been resolved but wasn't fully remedied. Tracked as CVE-2021-31805, the critical vulnerability persists in Struts 2…
CISA Adds Spring4Shell to its Known Exploited Catalog

The Spring4Shell vulnerability (CVE-2022-22965) came to light, and it has been a week since VMware Spring fixed it in new versions of the Spring Framework. There have been reports of scanning, exploit attempts and attempts to deploy a web shell on…