1420 matches found
Alibaba Cloud Linux 3 : 0089: cloud-kernel bugfix, enhancement and (ALINUX3-SA-2026:0089)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0089 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-43284: The Dirty Frag vulnerability is a...
com.alibaba.cloud.ai.autoconfigure.memory.long:spring-ai-alibaba-autoconfigure-memory-long (=1.0.0.4), com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory-long (=1.0.0.4) +3 more potentially affected by CVE-2026-41713 via org.springframework.ai:spring-ai-advisors-vector-store (>=1.0.0 <=1.0.1)
org.springframework.ai:spring-ai-advisors-vector-store MAVEN version =1.0.0, =1.0.0.1, =1.0.0.3-20260305-cve - com.alibaba.cloud.ai:spring-ai-alibaba-studio-client =1.0.0.4 Source cves: CVE-2026-41713 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16624616...
com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory (>=1.0.0.1 <=1.0.0.4), com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory-jdbc (>=1.0.0.1 <=1.0.0.4) +2 more potentially affected by CVE-2026-41713 via org.springframework.ai:spring-ai-model-chat-memory-repository-jdbc (>=1.0.0-RC1 <=1.0.6)
org.springframework.ai:spring-ai-model-chat-memory-repository-jdbc MAVEN version =1.0.0-RC1, =1.0.0.1, =1.0.0.1, =1.0.0, =1.0.0, =1.0.6 Source cves: CVE-2026-41713 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16624615...
Argo vulnerable to exposure of artifact repository credentials
Summary The workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Git passwords, etc. in plaintext on artifact operation. Any user with read access to workflow pod logs can extract these credentials. Note: This is an...
Alibaba Cloud Linux 3 : 0087: cloud-kernel bugfix, enhancement and (ALINUX3-SA-2026:0087)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0087 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-31431: In the Linux kernel, the following...
com.alibaba.cloud.ai:spring-ai-alibaba-autoconfigure-memory-long (>=1.1.0.0 <=1.1.2.3), com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory-long (>=1.1.0.0 <=1.1.2.3) +5 more potentially affected by CVE-2026-40966 via org.springframework.ai:spring-ai-advisors-vector-store (>=1.1.0 <=1.1.4)
org.springframework.ai:spring-ai-advisors-vector-store MAVEN version =1.1.0, =1.1.0.0, =1.1.0.0, =1.1.0.0, =0.0.6, =4.17.0, =4.17.0, =4.20.0 - org.vrspace:server =0.8.7 Source cves: CVE-2026-40966 Source advisory: OSV:GHSA-V6X6-PJXW-3PV2...
com.alibaba.cloud.ai.autoconfigure.memory.long:spring-ai-alibaba-autoconfigure-memory-long (=1.0.0.4), com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory-long (=1.0.0.4) +3 more potentially affected by CVE-2026-40966 via org.springframework.ai:spring-ai-advisors-vector-store (>=1.0.0 <=1.0.1)
org.springframework.ai:spring-ai-advisors-vector-store MAVEN version =1.0.0, =1.0.0.1, =1.0.0.3-20260305-cve - com.alibaba.cloud.ai:spring-ai-alibaba-studio-client =1.0.0.4 Source cves: CVE-2026-40966 Source advisory: OSV:GHSA-V6X6-PJXW-3PV2...
ai.driftkit:driftkit-vector-spring-ai (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-vector-spring-ai-starter (>=0.6.0 <=0.8.7) +193 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-vector-store (>=1.0.0 <=1.0.5)
org.springframework.ai:spring-ai-vector-store MAVEN version =1.0.0, =0.6.0, =0.6.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =1.0.28 - com.alibaba.cloud.ai.autoconfigure.memory.long:spring-ai-alibaba-autoconfigure-memory-long =1.0.0.4 -...
A week in security (April 20 – April 26)
Last week on Malwarebytes Labs: Medical data of 500,000 UK volunteers listed for sale on Alibaba How cyberattacks on companies affect everyone Apple fixes iOS bug that kept deleted notifications, including chat previews Roblox clamps down on chats and age checks as legal pressure builds Malicious...
com.alibaba.cloud.ai:document-parser-apache-pdfbox (>=1.0.0-M5.1 <=1.0.0-M6.1), com.alibaba.cloud.ai:document-parser-bibtex (>=1.0.0-M5.1 <=1.0.0-M6.1) +19 more potentially affected by CVE-2026-40980 via org.springframework.ai:spring-ai-pdf-document-reader (>=1.0.0-M5 <=1.0.1)
org.springframework.ai:spring-ai-pdf-document-reader MAVEN version =1.0.0-M5, =1.0.0-M5.1, =1.0.0-M5.1, =1.0.0.1, =1.0.0.1, =1.0.0.1, =4.2.3, =4.2.3, =4.2.3, =4.2.3, =4.2.3, =4.2.3, =4.2.6 - com.chinagoods.framework.thinkc...
com.alibaba.cloud.ai:spring-ai-alibaba-autoconfigure-rag-elasticsearch (>=1.1.0.0 <=1.1.2.3), com.alibaba.cloud.ai:spring-ai-alibaba-rag (>=1.1.0.0 <=1.1.2.3) +2 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-elasticsearch-store (>=1.1.0-M1 <=1.1.4)
org.springframework.ai:spring-ai-elasticsearch-store MAVEN version =1.1.0-M1, =1.1.0.0, =1.1.0.0, =1.1.0.0, =1.1.0, =1.1.4 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321388...
com.alibaba.cloud.ai:spring-ai-alibaba-studio-server-admin (=1.0.0.4), com.alibaba.cloud.ai:spring-ai-alibaba-studio-server-core (=1.0.0.4) +4 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-elasticsearch-store (>=1.0.0-M5 <=1.0.5)
org.springframework.ai:spring-ai-elasticsearch-store MAVEN version =1.0.0-M5, =4.2.3, =1.0.0-M5, =1.0.0, =1.0.5 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321388...
com.alibaba.cloud.ai.autoconfigure.memory.long:spring-ai-alibaba-autoconfigure-memory-long (=1.0.0.4), com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory-long (=1.0.0.4) +3 more potentially affected by CVE-2026-40966 via org.springframework.ai:spring-ai-advisors-vector-store (>=1.0.0 <=1.0.1)
org.springframework.ai:spring-ai-advisors-vector-store MAVEN version =1.0.0, =1.0.0.1, =1.0.0.3-20260305-cve - com.alibaba.cloud.ai:spring-ai-alibaba-studio-client =1.0.0.4 Source cves: CVE-2026-40966 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16316424...
com.alibaba.cloud.ai:spring-ai-alibaba-autoconfigure-memory-long (>=1.1.0.0 <=1.1.2.3), com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory-long (>=1.1.0.0 <=1.1.2.3) +5 more potentially affected by CVE-2026-40966 via org.springframework.ai:spring-ai-advisors-vector-store (>=1.1.0-M3 <=1.1.4)
org.springframework.ai:spring-ai-advisors-vector-store MAVEN version =1.1.0-M3, =1.1.0.0, =1.1.0.0, =1.1.0.0, =0.0.6, =4.17.0, =4.17.0, =4.20.0 - org.vrspace:server =0.8.7 Source cves: CVE-2026-40966 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16316424...
Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos
Plus: Spy firms tap into a global telecom weakness to track targets, 500,000 UK health records go up for sale on Alibaba, Apple patches a revealing notification bug, and more...
Medical data of 500,000 UK volunteers listed for sale on Alibaba
Half a million Britons signed up to help cure cancer. Their data ended up for sale on Alibaba. The UK Biobank charity informed the British government of an incident concerning the medical data belonging to 500,000 British citizens being offered for sale on the Chinese e-commerce website Alibaba...
Alibaba Cloud Linux 3 : 0075: libpng12 (ALINUX3-SA-2026:0075)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0075 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-25646: LIBPNG is a reference library for u...
Alibaba Cloud Linux 3 : 0072: 389-ds:1.4 (ALINUX3-SA-2026:0072)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0072 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-14905: A flaw was found in the 389-ds-base...
Alibaba Cloud Linux 3 : 0074: libpng15 (ALINUX3-SA-2026:0074)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0074 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-25646: LIBPNG is a reference library for u...
Alibaba Cloud Linux 3 : 0076: qemu-kvm (ALINUX3-SA-2026:0076)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0076 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-11234: A flaw was found in QEMU. If the...