Spring Office Hours Podcast: S5E16 - May Release Train Shift & What's Coming in Spring Boot 4.1

Join Dan Vega and DaShaun Carter for the latest updates from the Spring Ecosystem. In this episode, Dan and DaShaun break down the recently announced shift of the May release train from May 11-22 to June 1-5, and what that means for your upgrade planning across the Spring portfolio. They also dig...

PT-2026-42020

Name of the Vulnerable Software and Affected Versions Ledger Nano X affected versions not specified Ledger Flex affected versions not specified Ledger Stax affected versions not specified Description A denial of service issue exists in the MCU firmware update process. The flaw is caused by missin...

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

SUSE CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

🚀 Automated Log4Shell CVE-2021-44228 Play & Plug Lab An aut...

com.ibeetl:beetl-online-web (=3.15.3.RELEASE), com.ibeetl:beetl-spring-boot-starter-classic (>=3.14.1.RELEASE <=3.20.2.RELEASE) potentially affected by CVE-2026-8759 via com.ibeetl:beetl-spring-classic (>=3.14.1.RELEASE <=3.20.2.RELEASE)

com.ibeetl:beetl-spring-classic MAVEN version =3.14.1.RELEASE, =3.14.1.RELEASE, =3.20.2.RELEASE Source cves: CVE-2026-8759 Source advisory: OSV:GHSA-FMMW-44RP-JCFP...

Linux Distros Unpatched Vulnerability : CVE-2026-46728

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash. CVE-2026-46728 Note that Nessus...

DEBIAN-CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

UBUNTU-CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

CVE-2026-46728

The CVE-2026-46728 entry concerns U-Boot (before 2026.04) where FIT (Flat Image Tree) signature verification can bypass trust because hashed-nodes are omitted from a hash. Affected software: U-Boot (pre-2026.04). Vulnerable component: FIT signature verification process. Root cause: omission of ha...

SUSE CVE-2019-12380

DISPUTED An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. physefisetvirtualaddressmap in arch/x86/platform/efi/efi.c and eficallphysprolog in arch/x86/platform/efi/efi64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because...

SUSE CVE-2023-43636

In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in the vault. As per the “measured boot” design, the PCR values calculated at different stages of the boot process will change if any of their respective parts are changed. This...

DENX Software Engineering Das U-Boot 访问控制错误漏洞

DENX Software Engineering's Das U-Boot is a general-purpose bootloader developed by the German company DENX Software Engineering. Versions of DENX Software Engineering's Das U-Boot prior to version 2026.04 contained an access control vulnerability. This vulnerability stemmed from the omission of...

PT-2026-41468

Name of the Vulnerable Software and Affected Versions Das U-Boot versions prior to 2026.04 Description Das U-Boot allows a Flat Image Tree FIT signature verification bypass. This occurs because hashed-nodes are omitted from a hash, which can lead to the acceptance of unsigned or modified images...

Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory

A flaw was found in Spring Boot. A local attacker on the same host as the application may be able to take control of the ApplicationTemp directory due to predictable temporary directory handling. When the server.servlet.session.persistent setting is enabled and the attack persists across...

Spring Boot: Spring Boot: Remote code execution via timing attack in DevTools remote secret comparison

A flaw was found in Spring Boot. An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about a remote secret. In extreme circumstances, this could allow the attacker to determine the secret and upload changed classes, leading to...