top of page
ALL POSTS
Multiple Security Flaws Resolved Across Framework and Core Application Components
Key Findings Java ecosystem receives critical security patches addressing multiple high-severity vulnerabilities across Spring Security, Spring Web Services, and Spring GraphQL frameworks Cross-site scripting flaw (CVE-2026-41003) in authentication filters allows remote code execution within user sessions Server-side request forgery vulnerability (CVE-2026-40999) enables attackers to access internal hosts and cloud metadata endpoints Unsafe deserialization defect (CVE-2026-41
Jun 123 min read
Cisco Unified CM Critical Vulnerability: Public Exploit Code Now Available
Key Findings CVE-2026-20230 affects Cisco Unified CM with a CVSS score of 8.6, elevated to Critical severity by vendor Unauthenticated remote attackers can exploit an SSRF flaw to write unauthorized files and potentially gain root access Public proof-of-concept exploit code is already available Vulnerability requires WebDialer service to be enabled, which is disabled by default Fixed releases available: version 14SU6 for Release 14 and 15SU5 for Release 15 No complete workaro
Jun 42 min read
bottom of page
