Java templating engine Pebble was vulnerable to a bug that could allow attackers to bypass its security mechanisms and conduct command injection attacks against host servers. Pebble Templates...
A critical command injection vulnerability in a Bitbucket product could allow an attacker to execute arbitrary code, researchers warn. Bitbucket is a Git-based source code repository hosting service...
Despite growing awareness of secure coding practices in software companies, developers are struggling to discover and report security issues during code reviews, according to a study...
A security vulnerability in file transfer software CompleteFTP allowed unauthenticated attackers to delete arbitrary files on affected installations. Developed by EnterpriseDT of Australia, CompleteFTP is a proprietary FTP...
Supply chain attacks are on the rise, costing businesses more year on year as organizations fail to implement zero trust strategies. This is according to IBM’s new Cost...
UPDATED A critical SpEL injection vulnerability whose abuse leads to remote code execution (RCE) has been patched in Spring Data MongoDB, which provides object-document support and repositories...
A catastrophic vulnerability in the implementation of certain encryption operations in Java JDK makes it easy for attackers to forge counterfeit credentials. The cryptographic weakness – which affects...
Developers have patched a popular Ruby library for parsing and converting AsciiDoc files to safeguard servers against a newly discovered command injection vulnerability. Command injection vulnerabilities allow...
The Cyber Security Agency of Singapore (CSA) has launched a certification program to incentivize businesses of various sizes to bolster their security posture. Launched on March 29,...
A bug in one of PHP’s functions made it possible to bypass security measures meant to protect web applications against malicious user input, a security researcher...