EUVD-2026-33734

OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6...

CVE-2026-40989 Self Routing guard bypassed via function composition

Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud...

VMware Spring Cloud Function security vulnerabilities

VMware Spring Cloud Function is a Java functional application development framework provided by the American company VMware. There is a security vulnerability in VMware Spring Cloud Function, which stems from infinite recursion at the routing layer, potentially leading to a memory insufficiency...

PT-2026-45515

OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6...

VMware Spring Cloud Function security vulnerabilities

VMware Spring Cloud Function is a Java functional application development framework provided by the American company VMware. There is a security vulnerability in VMware Spring Cloud Function, which stems from attempting to add an unlimited number of functions to the function registry, potentially...

CVE-2026-9541

A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been...

CVE-2026-9541 Squirrel Cnut File sqobject.cpp ReadObject heap-based overflow

A security flaw has been discovered in Squirrel up to 3.2. Impacted is the function ReadObject of the file squirrel/sqobject.cpp of the component Cnut File Handler. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been...

SUSE CVE-2026-8258

A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...

Astra Linux - уязвимость в wireshark

Improper URL handling in Wireshark versions 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 may allow for remote code execution through packet injection or crafted capture files...

Astra Linux - уязвимость в python-django

The % debug % template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS...

CVE-2026-25219 Apache Airflow: Sensitive Azure Service Bus connection string (and possibly other providers) exposed to users with view access

The accesskey and connectionstring connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidentaly logged to logs, those values could be seen in the logs. Azure...

CVE-2026-39640

Cross-Site Request Forgery CSRF vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue affects Theme Editor: from n/a through = 3.2...

BIT-AIRFLOW-2025-57735 Apache Airflow: Airflow Logout Not Invalidating JWT

When user logged out, the JWT token the user had authtenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanism that implements token invalidation at logout. Users who are concerned about the logout scenario...

CVE-2026-39324 vulnerabilities

Vulnerabilities for packages: pact-broker-docker-fips, ruby4.0-rails, pact-broker-docker, ruby3.3-rails, logstash, ruby3.2-rails, ruby3.4-rails...

Important: Red Hat Security Advisory: RHOAI 3.2 - Red Hat OpenShift AI

Updated images are now available for Red Hat OpenShift AI. Release of RHOAI 3.2 provides these changes:...

EUVD-2025-209371

When user logged out, the JWT token the user had authtenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanism that implements token invalidation at logout. Users who are concerned about the logout scenario...

EUVD-2025-209369

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...

CVE-2025-57735

When user logged out, the JWT token the user had authtenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanism that implements token invalidation at logout. Users who are concerned about the logout scenario...

EUVD-2026-20300

Cross-Site Request Forgery CSRF vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue affects Theme Editor: from n/a through = 3.2...

CVE-2026-39640

Cross-Site Request Forgery CSRF vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue affects Theme Editor: from n/a through = 3.2...