CVE-2025-41249

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

CVE-2025-41249 CVE-2025-41249: Spring Framework Annotation Detection Vulnerability

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

CVE-2025-41248 CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types

The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization...

Spring Framework 安全漏洞

Spring Framework is a Spring open source application development framework. A security vulnerability exists in Spring Framework that stems from an annotation detection mechanism that fails to properly parse method annotations in generic superclasses, which could lead to an incorrect authorization...

VMware Spring Framework <= 5.3.44, 6.0.0 - 6.1.22, 6.2.0 - 6.2.10 Annotation Detection Vulnerability - Windows

The VMware Spring Framework is prone to an annotation detection vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Spring Security 安全漏洞

Spring Security is a Spring open source security framework with authentication and authorization capabilities. A security vulnerability exists in Spring Security that stems from the annotation detection mechanism not being able to correctly resolve annotations for methods in generic superclasses,...

VMware Spring Framework <= 5.3.44, 6.0.0 - 6.1.22, 6.2.0 - 6.2.10 Annotation Detection Vulnerability - Linux

The VMware Spring Framework is prone to an annotation detection vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

DEBIAN-CVE-2022-50291

In the Linux kernel, the following vulnerability has been resolved: kcm: annotate data-races around kcm-rxpsock kcm-rxpsock can be read locklessly in kcmrfree. Annotate the read and writes accordingly. We do the same for kcm-rxwait in the following patch. syzbot reported: BUG: KCSAN: data-race in...

DEBIAN-CVE-2022-50265

In the Linux kernel, the following vulnerability has been resolved: kcm: annotate data-races around kcm-rxwait kcm-rxpsock can be read locklessly in kcmrfree. Annotate the read and writes accordingly. syzbot reported: BUG: KCSAN: data-race in kcmrcvstrparser / kcmrfree write to 0xffff88810784e3d0...

UBUNTU-CVE-2022-50265

In the Linux kernel, the following vulnerability has been resolved: kcm: annotate data-races around kcm-rxwait kcm-rxpsock can be read locklessly in kcmrfree. Annotate the read and writes accordingly. syzbot reported: BUG: KCSAN: data-race in kcmrcvstrparser / kcmrfree write to 0xffff88810784e3d0...

SQL Injection

Django is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of column aliases in FilteredRelation when crafted dictionaries are expanded as keyword arguments to QuerySet.annotate or QuerySet.alias, which allows an attacker to inject and execute arbitrary SQL...

OESA-2025-2236 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted...

ALPHA: LLM-Enabled Active Learning for Human-Free Network Anomaly Detection

Network log data analysis plays a critical role in detecting security threats and operational anomalies. Traditional log analysis methods for anomaly detection and root cause analysis rely heavily on expert knowledge or fully supervised learning models, both of which require extensive labeled dat...

An Empirical Study of Vulnerabilities in Python Packages and Their Detection

In the rapidly evolving software development landscape, Python stands out for its simplicity, versatility, and extensive ecosystem. Python packages, as units of organization, reusability, and distribution, have become a pressing concern, highlighted by the considerable number of vulnerability...

Linux Distros Unpatched Vulnerability : CVE-2020-12052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana version 6.7.3 is vulnerable for annotation popup XSS. CVE-2020-12052 Note that Nessus relies on the presence of the package as reported by the vendor...

CVE-2025-38552 mptcp: plug races between subflow fail and subflow creation

In the Linux kernel, the following vulnerability has been resolved: mptcp: plug races between subflow fail and subflow creation We have races similar to the one addressed by the previous patch between subflow failing and additional subflow creation. They are just harder to trigger. The solution i...

ROS-20250814-02

Ingress controller vulnerability in Kubernetes ingress-nginx cluster is related to errors in the processing of Ingress object annotations. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges...

OESA-2025-1964 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net/sched: actct: fix ref leak when switching zones When switching zones or network namespaces without doing a ct clear in between, it is now leaking a reference...

Linux Distros Unpatched Vulnerability : CVE-2025-38337

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jbd2: fix data-race and null-ptr-deref in jbd2journaldirtymetadata Since handle-htransaction may be a NULL pointer, so we should change it to call...

JavaDeserH2HC

This repository contains sample codes for the Hackers to Hackers Conference magazine 2017 H2HC. The codes are designed to demonstrate various exploitation techniques, specifically focusing on Java deserialization vulnerabilities. The primary vulnerability class/vector targeted is Java...