CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...

Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researchers say

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into ...

SAP Patchday: One critical SQL injection vulnerability – and 18 others

On the April Patchday, SAP addresses vulnerabilities with 19 security notes. One critical vulnerability allows the injection ...