CVE-2026-3254 - GitLab Mermaid Sandbox Vulnerability Explained – What Happened, How to Exploit, and How to Stay Safe
---
Intro
On June 12, 2026, GitLab published a critical fix for a vulnerability, now tracked as CVE-2026-3254, which affects all GitLab Community and Enterprise
CVE-2026-40478 - Breaking Down The Thymeleaf SSTI Security Bypass Vulnerability (With Code & Exploit Details)
In April 2026, a new vulnerability was published for Thymeleaf, a popular Java template engine used by thousands of web applications: CVE-2026-40478. This issue allows
CVE-2026-5052 - Vault PKI ACME Validation Bypass – Local Network Danger Explained
A newly disclosed vulnerability, CVE-2026-5052, impacts HashiCorp Vault's Public Key Infrastructure (PKI) engine, particularly when using the Automatic Certificate Management Environment (ACME) protocol.
CVE-2026-6298 - Heap Buffer Overflow in Skia (Google Chrome) – Critical InfoLeak Exploit Explained
Chrome has long been known for its emphasis on security, but occasionally, critical vulnerabilities still slip through the cracks. One such bug, CVE-2026-6298, was discovered
CVE-2026-40175 - Prototype Pollution to RCE in Axios — A Deep Dive
If you’re building with JavaScript, there's a good chance you’ve used Axios for your HTTP requests. It’s everywhere — in backend