com.alibaba.cloud.ai:spring-ai-alibaba-studio-server-admin (=1.0.0.4), com.alibaba.cloud.ai:spring-ai-alibaba-studio-server-core (=1.0.0.4) +4 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-elasticsearch-store (>=1.0.0-M5 <=1.0.5)

org.springframework.ai:spring-ai-elasticsearch-store MAVEN version =1.0.0-M5, =4.2.3, =1.0.0-M5, =1.0.0, =1.0.5 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321388...

VMware Spring Boot 信任管理问题漏洞

VMware Spring Boot is an open-source framework developed by the American company VMware. In versions 4.0.0 to 4.0.5 of VMware Spring Boot, there was a vulnerability related to trust management. This vulnerability stemmed from the fact that Elasticsearch’s automatic configuration during the...

Juniper Junos OS Vulnerability (JSA100057)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA100057 advisory. - An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local, low-privileged user to...

PT-2026-35549

When an application is configured to use ApplicationPidFileWriter, a local attacker with write access to the PID file's location can corrupt one file on the host each time the application is started. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15 fix 3.4.16,...

VMware Spring Boot 信任管理问题漏洞

VMware Spring Boot is an open-source framework developed by the American company VMware. There were security vulnerabilities in versions 4.0.0 to 4.0.5 and 3.5.0 to 3.5.13 of VMware Spring Boot. These vulnerabilities stemmed from an issue where RabbitMQ automatically configured SSL bundles withou...

PT-2026-35546

Name of the Vulnerable Software and Affected Versions Spring Boot versions 4.0.0 through 4.0.5 Spring Boot versions 3.5.0 through 3.5.13 Spring Boot versions 3.4.0 through 3.4.15 Spring Boot versions 3.3.0 through 3.3.18 Spring Boot versions 2.7.0 through 2.7.32 Spring Boot versions prior to 2.7....

PT-2026-35545

Name of the Vulnerable Software and Affected Versions Spring Boot versions 4.0.0 through 4.0.5 Spring Boot versions 3.5.0 through 3.5.13 Spring Boot versions 3.4.0 through 3.4.15 Spring Boot versions 3.3.0 through 3.3.18 Spring Boot versions 2.7.0 through 2.7.32 Spring Boot versions prior to 2.7....

PT-2026-35547

Values produced by $random.value are not suitable for use as secrets. $random.uuid is not affected. $random.int and $random.long should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15...

PT-2026-35548

Name of the Vulnerable Software and Affected Versions Spring Boot versions 4.0.0 through 4.0.5 Description Default web security in certain configurations is ineffective, allowing unauthorized and unauthenticated access to all endpoints. This occurs when a servlet-based web application relies on t...

PT-2026-35540

Name of the Vulnerable Software and Affected Versions Spring Boot versions 4.0.0 through 4.0.5 Spring Boot versions 3.5.0 through 3.5.13 Spring Boot versions 3.4.0 through 3.4.15 Spring Boot versions 3.3.0 through 3.3.18 Spring Boot versions 2.7.0 through 2.7.32 Spring Boot versions prior to 2.7....

OESA-2026-2079 shim security update

Initial UEFI bootloader that handles chaining to a trusted full \ bootloader under secure boot environments. Security Fixes: Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is...

SUSE CVE-2026-31559

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix missing NULL checks for kstrdup 1. Replace "offindnodebypath"/"" with "ofroot" to avoid multiple calls to "ofnodeput". 2. Fix a potential kernel oops during early boot when memory allocation fails while parsing CPU...

SUSE CVE-2026-31561

In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86CR4FRED from the CR4 pinned bits mask Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so that whenever something else modifies CR4, that bit remains set. Which in itself is a perfectly fine...

SUSE CVE-2026-31600

In the Linux kernel, the following vulnerability has been resolved: arm64: mm: Handle invalid large leaf mappings correctly It has been possible for a long time to mark ptes in the linear map as invalid. This is done for secretmem, kfence, realm dma memory un/share, and others, by simply clearing...

Linux Distros Unpatched Vulnerability : CVE-2026-31559

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix missing NULL checks for kstrdup 1. Replace offindnodebypath/ with ofroot to...

DEBIAN-CVE-2026-31561

In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86CR4FRED from the CR4 pinned bits mask Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so that whenever something else modifies CR4, that bit remains set. Which in itself is a perfectly fine...

CVE-2026-31561

In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86CR4FRED from the CR4 pinned bits mask Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so that whenever something else modifies CR4, that bit remains set. Which in itself is a perfectly fine...

DEBIAN-CVE-2026-31559

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix missing NULL checks for kstrdup 1. Replace "offindnodebypath"/"" with "ofroot" to avoid multiple calls to "ofnodeput". 2. Fix a potential kernel oops during early boot when memory allocation fails while parsing CPU...

CVE-2026-31561

In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86CR4FRED from the CR4 pinned bits mask Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so that whenever something else modifies CR4, that bit remains set. Which in itself is a perfectly fine...

CVE-2026-31559

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix missing NULL checks for kstrdup 1. Replace "offindnodebypath"/"" with "ofroot" to avoid multiple calls to "ofnodeput". 2. Fix a potential kernel oops during early boot when memory allocation fails while parsing CPU...