CVE-2026-40478 - Breaking Down The Thymeleaf SSTI Security Bypass Vulnerability (With Code & Exploit Details)
In April 2026, a new vulnerability was published for Thymeleaf, a popular Java template engine used by thousands of web applications: CVE-2026-40478. This issue allows
CVE-2026-40175 - Prototype Pollution to RCE in Axios — A Deep Dive
If you’re building with JavaScript, there's a good chance you’ve used Axios for your HTTP requests. It’s everywhere — in backend
CVE-2025-62718 - Axios Proxy Bypass & SSRF Vulnerability Due to Improper NO_PROXY Hostname Handling
Axios is a massively popular HTTP client library for both Node.js and browsers with tens of millions of downloads each week. Many developers trust
CVE-2026-5918 - How a Chrome Navigation Flaw Let Attackers Leak Cross-Origin Data
Google Chrome is generally thought of as a secure browser, but every now and then, even the most popular software can have its blind spots.
CVE-2026-5911 - Policy Bypass in ServiceWorkers on Chrome — How Attackers Could Bypass CSP (with Example Exploit)
In early 2026, a new Chrome vulnerability labeled CVE-2026-5911 was discovered, affecting Chrome versions prior to 147..7727.55. This vulnerability allows a remote attacker