Spotweb <= 1.5.1 - Cross Site Scripting

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. id: CVE-2021-40973 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity:...

CVE-2026-40973 vulnerabilities

Vulnerabilities for packages: nacos-docker, zipkin, kafbat-ui-fips, camunda-zeebe, thingsboard, keycloak-config-cli, kafbat-ui, nacos, apache-nifi-registry...

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +5653 more potentially affected by CVE-2026-40973 via org.springframework.boot:spring-boot (>=3.5.0 <=3.5.13)

org.springframework.boot:spring-boot MAVEN version =3.5.0, =0.1.0, =0.1.0, =0.8.0, =0.7.0, =0.7.0, =0.8.0, =0.7.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.6 and more Source cves: CVE-2026-40973 Source advisory: OSV:GHSA-WWPQ-F5C3-7HVX...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +5040 more potentially affected by CVE-2026-40973 via org.springframework.boot:spring-boot (>=4.0.0 <=4.0.5)

org.springframework.boot:spring-boot MAVEN version =4.0.0, =0.1.0, =0.1.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0-beta-2 and more Source cves: CVE-2026-40973 Source advisory: OSV:GHSA-WWPQ-F5C3-7HVX...

africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-application (>=1.0.0 <=1.2.0) +39297 more potentially affected by CVE-2026-40973 via org.springframework.boot:spring-boot (>=1.0.0.RELEASE <=2.7.3)

org.springframework.boot:spring-boot MAVEN version =1.0.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.4.0.0, =4.6.0.0 and more Source cves: CVE-2026-40973 Source advisory: OSV:GHSA-WWPQ-F5C3-7HVX...

CVE-2026-40973

A local attacker on the same host as the application may be able to take control of the directory used by ApplicationTemp. When server.servlet.session.persistent is set to true and the attack persists across application restarts, this may allow the attacker to read session information and hijack...

CVE-2026-40973

creationtimestamp| type| source ---|---|--- 2026-04-24 13:35:33+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mkanfgg2pj2e 2026-04-28 09:27:42+00:00| seen| https://ccb.belgium.be/advisories/warning-multiple-vulnerabilities-spring-boot-patch-immediately...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +5198 more potentially affected by CVE-2026-40973 via org.springframework.boot:spring-boot (>=4.0.0-M1 <=4.0.5)

org.springframework.boot:spring-boot MAVEN version =4.0.0-M1, =0.1.0, =0.1.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0-beta-2 and more Source cves: CVE-2026-40973 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKBOOT-16198880...

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +20894 more potentially affected by CVE-2026-40973 via org.springframework.boot:spring-boot (>=3.0.0 <=3.5.13)

org.springframework.boot:spring-boot MAVEN version =3.0.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0 -...

EUVD-2025-40973

Malicious code in tania-mangga32-riris npm...

CVE-2024-40973

creationtimestamp| type| source ---|---|--- 2025-03-08 04:35:52+00:00| seen| Telegram/7AR2mHQZ1FAOn1zCDLLQiaIkXtcQvh8iwPDupfL7MLgksb5Q 2025-12-03 14:14:49+00:00| seen| https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...

Linux Distros Unpatched Vulnerability : CVE-2024-40973

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: mtk-vcodec: potential null pointer deference in SCP The return value of devmkzalloc needs to be checked to avoid NULL pointer deference. This is similar ...

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3592-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3592-1 advisory. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3561-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3561-1 advisory. The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The...

openSUSE Security Advisory (SUSE-SU-2024:3564-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2024:3566-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-46854: net: dpaa: Pad packets to ETHZLEN bsc1231084. - CVE-2024-46770: ice: Add netifdeviceattach/detach into PF reset flow bsc1230763. - CVE-2024-41073:...

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:3553-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3553-1 advisory. The SUSE Linux Enterprise 15 SP6 CoCo kernel was updated to receive various security bugfixes. The following security bugs were fixed: -...

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:3551-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3551-1 advisory. The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following securit...

openSUSE Security Advisory (SUSE-SU-2024:3551-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2024:3551-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52610: net/sched: actct: fix skb leak and crash on ooo frags bsc1221610. - CVE-2023-52752: smb: client: fix use-after-free bug in cifsdebugdataprocsho...