CVE-2026-40008: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') in Apache Software Foundation Apache IoTDB
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name and instantiates it using…
Read the full articleYou might also wanna read
Reviewing CVE-2022-42889: The arbitrary code execution vulnerability in Apache Commons Text
In this post we’ll review CVE-2022-42889, the recent Arbitrary Code Execution Vulnerability in Apache Commons Text, including what it is, ho

WAF - WAF Release - 2025-10-13
This week’s highlights include a new JinJava rule targeting a sandbox-bypass flaw that could allow malicious template input to escape execut

WAF - WAF Release - 2025-07-28
This week’s update spotlights several vulnerabilities across Apache Tomcat, MongoDB, and Fortinet FortiWeb. Several flaws related with a mem

WAF - WAF Release - 2026-06-09
This release introduces new detections for a critical SQL injection vulnerability in Drupal installations utilizing PostgreSQL (CVE-2026-908

WAF - WAF Release - 2026-04-07
This week's release introduces new detections for a critical Remote Code Execution (RCE) vulnerability in MCP Server (CVE-2026-23744), along

WAF - WAF Release - 2026-06-15
This week's release introduces new managed protection to address a critical SQL injection vulnerability in Ghost CMS (CVE-2026-26980) and a

Comments
Sign in to join the conversation.
No comments yet. Be the first.