CVE-2026-61450: Improper Control of Generation of Code ('Code Injection') in getgrav grav
Grav CMS versions before 2.0.2 have a vulnerability in the Twig sandbox that allows users with page authoring permissions to bypass sandbox restrictions and access sensitive configuration data. This…
Read the full articleYou might also wanna read

WAF - WAF Release - 2025-10-13
This week’s highlights include a new JinJava rule targeting a sandbox-bypass flaw that could allow malicious template input to escape execut

WAF - WAF Release - 2026-06-09
This release introduces new detections for a critical SQL injection vulnerability in Drupal installations utilizing PostgreSQL (CVE-2026-908
Analysis of CVE-2026-4020: Coordinated Google Cloud Fleet Exploiting Gravity SMTP WordPress Vulnerability
Almost every IP we logged exploiting the Gravity SMTP credential bug shares one HTTP fingerprint. Behind it is a Google Cloud fleet of thous
Analysis of CVE-2025-14986: Temporal's Masked Namespace Vulnerability Enabling Cross-Tenant Security Bypass
A deep dive into CVE-2025-14986, a masked namespace vulnerability in Temporal that enabled cross-tenant policy and schema confusion via bund
Mass exploitation of Gravity SMTP WordPress plugin vulnerability steals API keys from 100,000 sites
Wordfence reported blocking 17M+ exploit attempts targeting Gravity SMTP since early May 2026, with the plugin installed on about 100,000 Wo

Security Analysis: How Claude Code's Command Allowlisting Can Enable Arbitrary Execution
How allowlisting developer tools in Claude Code can inadvertently allow arbitrary command execution.

Comments
Sign in to join the conversation.
No comments yet. Be the first.