Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory

A flaw was found in Spring Boot. A local attacker on the same host as the application may be able to take control of the ApplicationTemp directory due to predictable temporary directory handling. When the server.servlet.session.persistent setting is enabled and the attack persists across...

Spring Boot: Spring Boot: Weak pseudo-random number generation can lead to information disclosure.

A flaw was found in Spring Boot. The $random.value property source utilizes a weak pseudo-random number generator PRNG, meaning the values it produces are not sufficiently random for use as cryptographic secrets. An attacker could potentially predict these values, which may lead to information...

Spring Boot: Spring Boot: Remote code execution via timing attack in DevTools remote secret comparison

A flaw was found in Spring Boot. An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about a remote secret. In extreme circumstances, this could allow the attacker to determine the secret and upload changed classes, leading to...

Spring Boot: Spring Boot: Authentication bypass via misconfigured Health Group additional path

A flaw was found in Spring Boot. This vulnerability, an authentication bypass, occurs when an application endpoint requiring authentication is declared under a specific path already configured for a Health Group additional path. A remote attacker could exploit this to bypass authentication,...

Important: Red Hat Security Advisory: HawtIO 4.4.0 for Red Hat build of Apache Camel 4 Release and security update.

HawtIO 4.4.0 for Red Hat build of Apache Camel 4 GA Release is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product Security has rated this update ...

Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs

Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the 206 flaws, 39 are rated Critical, and 167 are rated Important in severity. This includes 63...

PT-2026-48526

Name of the Vulnerable Software and Affected Versions dracut affected versions not specified Description A flaw in the legacy DHCP path allows a remote attacker on the adjacent network to achieve root code execution within the initramfs initial RAM file system, which is loaded with the kernel at...

Linux Distros Unpatched Vulnerability : CVE-2026-46284

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/hugetlb: fix early boot crash on parameters without '=' separator If hugepages, hugepagesz, or defaulthugepagesz are specified on the kernel command line...

CVE-2026-40992: Mail Auto-Configuration Does Not Enable SSL Hostname Verification

Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true , are not affected...

Improper Validation of Certificate with Host Mismatch

Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch via missing hostname verification in the auto-configuration. An attacker can impersonate a trusted mail server and intercept or manipulate SMTP communications because hostname...

Insecure Temporary File

Overview Affected versions of this package are vulnerable to Insecure Temporary File via the default data directory configuration in ArtemisEmbeddedConfigurationFactory. A local attacker can tamper with or redirect the embedded Artemis broker's data storage by pre-creating the predictable data...

EUVD-2026-35521

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

EUVD-2026-35526

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

EUVD-2026-35523

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

EUVD-2026-35525

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

EUVD-2026-35524

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

EUVD-2026-35522

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

EUVD-2026-35514

Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

CVE-2026-8863 CVE-2026-8863

Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the...

CVE-2026-8863 CVE-2026-8863

Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the...