Threat Post

Java, Python FTP Injection Attacks Bypass Firewalls

Newly disclosed FTP injection vulnerabilities in Java and Python that are fueled by rather common XML External Entity (XXE) flaws allow for firewall bypasses. Newly disclosed FTP injection ...
CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...
Bleeping Computer

Critical Apache Struts RCE vulnerability wasn't fully fixed, patch now

Apache has fixed a critical vulnerability in its vastly popular Struts project that was previously believed to have been resolved but, as it turns out, wasn't fully remedied. As such, Cybersecurity ...
Dark Reading

Another Java Zero-Day Vulnerability Hits Black Market

Call it malware cash and carry: Less than 24 hours after Oracle Sunday released a security update that addresses two critical zero-day vulnerabilities in Java that are being actively exploited by ...
CSOonline

New Log4Shell-like vulnerability impacts H2 Java SQL database

Researchers warn of critical Java flaw impacting the console of the H2 Java SQL database. Users are advised to update their H2 database to mitigate remote code execution risk. Researchers have warned ...
Dark Reading

Java Vulnerability Affects 1 Billion Plug-ins

Anyone still using a Java plug-in in their Web browser, beware: Another major, new--and as yet unpatched--vulnerability has been spotted in Java. Unfortunately, unlike a number of the other, recently ...