CISA Flags 2-Year-Old Oracle WebLogic Vulnerability as Actively Exploited

CISA added Oracle WebLogic flaw CVE-2024-21182 to its KEV catalog, giving federal agencies until June 4 to patch exposed ...
GitHub

java-deserialization-cheat-sheet/README.md at master · nessthebest27-maker/java-deserialization-cheat-sheet · GitHub

A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries. Please, use #javadeser hash tag for tweets.
GitHub

GHSA-2cqq-rpvq-g5qj.json

"summary": "OpenIdentityPlatform OpenAM: Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM", "details": "## Summary\n ...
Morningstar

Azul Shows That Mean Time to Exploit Java Vulnerabilities Drops to Five Days

Azul webinar series examines the hidden security, compliance and productivity costs of free Java runtimes Azul, the trusted leader in enterprise Java for today’s AI and cloud-first world, today ...
Infosecurity-magazine.com

SolarWinds Web Help Desk Vulnerability Actively Exploited

A US security agency has warned SolarWinds Web Help Desk users that a remote code execution (RCE) vulnerability patched by the vendor last week is being actively exploited. The US Cybersecurity and ...
Psychology Today

Vulnerability Without Self-Trust Isn’t Courage

Over the past decade, vulnerability has become one of the most celebrated leadership virtues. We’ve collectively learned that sharing more builds trust, openness equals authenticity, and that the ...
SiliconANGLE

Critical ‘LangGrinch’ vulnerability in langchain-core puts AI agent secrets at risk

A new report out today from artificial intelligence security startup Cyata Security Ltd. details a recently uncovered critical vulnerability on langchain-core, the foundational library behind ...
TechSpot

Critical vulnerability in React JS framework has a near 100% chance to be exploited

Facepalm: A widely used web technology is affected by a serious security vulnerability that can be exploited with minimal effort to compromise servers. Known as "React2Shell," the flaw may require ...
Ars Technica

Admins and defenders gird themselves against maximum-severity server vuln

Security defenders are girding themselves in response to the disclosure of a maximum-severity vulnerability disclosed Wednesday in React Server, an open-source package that’s widely used by websites ...
InfoWorld

Developers urged to immediately upgrade React, Next.js

Critical vulnerability in React library should be treated by IT as they did Log4j - as an emergency, warns one expert. Developers using the React 19 library for building application interfaces are ...
IEEE

LiteCobra: Enhancing Java Deserialization Vulnerability Detection with Call Graph Pruning

Abstract: Java deserialization vulnerabilities have become a critical security threat, challenging to detect and even harder to exploit due to deserialization's flexible and customizable nature.