Pink arrow right
Back to all posts
Mark Szymanski
Mark Szymanski
Technical Product Manager / Product Owner (Java)
. . .
CVE-2026-35554: Apache Kafka Producer Message Corruption and Silent Misrouting (Buffer Pool Race Condition)
Security
Apr 17, 2026
CVE-2026-35554: Apache Kafka Producer Message Corruption and Silent Misrouting (Buffer Pool Race Condition)
How a Kafka Producer Race Condition Leads to Undetected Data Corruption and Unauthorized Topic Exposure
CVE-2026-5795: Jetty Authentication Bypass and Privilege Escalation (JASPIAuthenticator)
Security
Apr 14, 2026
CVE-2026-5795: Jetty Authentication Bypass and Privilege Escalation (JASPIAuthenticator)
How Uncleared ThreadLocal Variables in Jetty's JASPIAuthenticator Enable Authentication Bypass and Cross-User Privilege Escalation
Apache Tomcat CVE Round-Up: 10 Vulnerabilities Patched Across Tomcat 9, 10, and 11 (April 2026)
Security
Apr 10, 2026
Apache Tomcat CVE Round-Up: 10 Vulnerabilities Patched Across Tomcat 9, 10, and 11 (April 2026)
Two High-severity EncryptInterceptor vulnerabilities, a pair of incomplete-patch bypasses, and eight more findings across Tomcat 9, 10, and 11 — here is what changed and what still needs attention.
CVE-2026-22750: How to Detect and Remediate the Spring Cloud Gateway 4.2.0 SSL Bundle Bypass
Security
Apr 9, 2026
CVE-2026-22750: How to Detect and Remediate the Spring Cloud Gateway 4.2.0 SSL Bundle Bypass
CVE-2026-22750 silently bypasses SSL bundle configuration in Spring Cloud Gateway 4.2.0 — here's who's affected, what's at risk, and how to remediate.
Spring Boot Authentication Bypass: Two New CVEs That Enterprise Teams Cannot Afford to Ignore ( CVE-2026-22731, CVE-2026-22733)
Security
Mar 24, 2026
Spring Boot Authentication Bypass: Two New CVEs That Enterprise Teams Cannot Afford to Ignore ( CVE-2026-22731, CVE-2026-22733)
HIGH | March 19, 2026 | CVE-2026-22731, CVE-2026-22733