41 matches found
CVE-2026-20863
creationtimestamp | type | source
---|---|---
2026-01-13 18:01:16+00:00 | seen | https://www.thezdi.com/blog/2026/1/13/the-january-2026-security-update-review
2026-01-13 18:16:30+00:00 | seen | https://advisories.ncsc.nl/advisory?id=NCSC-2026-0007
2026-04-10 10:53:42+00:00 | seen | ...
CVE-2026-20863
CVE-2026-20863 is a local privilege escalation in Windows Win32K (ICOMP) caused by a double-free condition. Exploitable by an authorized local attacker with LOW privileges and no user interaction, leading to SYSTEM-level access as described in multiple feeds. Connected documents confirm a Win32K ...
PT-2026-2708
CVE-2026-20863 Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. https://t.co/OJll1df465...
Linux Distros Unpatched Vulnerability : CVE-2023-20863
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In Spring Framework versions prior to 5.2.24 release+, 5.3.27+ and 6.0.8+, it is possible for a user to provide a specially crafted SpEL expression that may...
CVE-2024-20863
Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code...
CVE-2019-20863
An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted...
CVE-2024-20863
creationtimestamp | type | source
---|---|---
2025-02-14 10:00:35+00:00 | seen | Telegram/hMWFJRuwqVw-AD9u5EDzUWAF9qdBYY3zfCVwv3CJe1jjKQdC...
Security Bulletin: IBM Common Licensing's Administration And Reporting Tool (ART) and IBM LKS Administration Agent are affected by Spring Framework vulnerabilities.
Summary Multiple vulnerabilities in Spring Framework affect IBM Common Licensing. Security Vulnerabilities have been addressed in IBM Common Licensing. Remediations/Fixes section address remediation actions. Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is...
CVE-2024-20863
Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code...
Vulnerabilities fixed in Oracle Financial Services Applications
Vulnerabilities have been fixed in Oracle Financial Services Applications products. A malicious party could exploit them to launch attacks that can result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Bypassing authentication, Accessing sensitive data. Oracle has...
Security Bulletin: IBM Spectrum Symphony with Spring Framework is vulnerable to a denial of service, caused by improper input validation
Summary IBM Spectrum Symphony with Spring Framework is vulnerable to a denial of service, caused by improper input validation Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially crafted SpEL expression,...
Security Bulletin: Multiple Vulnerabilities Affecting IBM Watson Machine Learning Accelerator
Summary IBM Watson Machine Learning Accelerator 1.2.x is vulnerable to several vulnerabilities coming from dependent components. These are addressed. Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input...
Security Bulletin: VMware Tanzu Spring Framework is vulnerable to CVE-2023-20861 and CVE-2023-20863 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Framework which is vulnerable to CVE-2023-20861 and CVE-2023-20863. Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service. By sending a specially...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to VMware Tanzu Spring Framework denial of service vulnerability [CVE-2023-20863]
Summary A potential VMware Tanzu Spring Framework denial of service vulnerability has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. CVE-2023-20863 Vulnerability Details...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in VMware Tanzu Spring Framework (CVE-2023-20863)
Summary A vulnerability in VMware Tanzu Spring Framework used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially...
Oracle Primavera Gateway (Jul 2023 CPU)
The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering component: Admin Apache Commons Net. Supported versions that...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in VMware Tanzu Spring Framework (CVE-2023-20863)
Summary Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in VMware Tanzu Spring Boot, caused by improper input validation CVE-2023-20863. VMware Tanzu Spring Framework is used as part of our Speech Service microservices. This...
Security Bulletin: Vulnerability in Spring Framework affects IBM Process Mining. CVE-2023-20863
Summary There is a vulnerability in Spring Framework that could allow a remote authenticated attacker to execute a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities in VMware Tanzu Spring Framework affect IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow
Summary Multiple vulnerabilities exist in VMware Tanzu Spring Framework, which is used by the desktop version of IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow. IBM Process Designer has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION...
Security Bulletin: Vulnerability in spring-expressions may affect IBM Business Automation Workflow - CVE-2023-20863
Summary IBM Business Automation Workflow packages a vulnerable copy of spring-expressions in BPM/Lombardi/lib. Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially...