
10456 matches found

Positive Technologies
• added 2026/04/01 12:0 a.m. • 4 views

PT-2026-29548

A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request...

CVSS 9.8 | AI score 6.2 | EPSS 0.01531
Exploits: 0 | References: 4

Vulnrichment
• added 2026/04/01 12:0 a.m. • 3 views

CVE-2024-40489

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests...

AI score 6.2 | EPSS 0.00519
Exploits: 0 | References: 2

CVE
• added 2026/04/01 12:0 a.m. • 9 views

CVE-2024-40489

CVE-2024-40489 concerns Jeecg Boot releases 3.0.0–3.5.3, where lax character filtering enables an injection vulnerability that could let an attacker execute arbitrary code via specially crafted HTTP requests. Affected software: Jeecg Boot (Java low-code platform) versions 3.0.0–3.5.3. Root cause:...

CVSS 9.8 | AI score 6.2 | EPSS 0.00519
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
• added 2026/04/01 12:0 a.m. • 7 views

CVE-2024-43028

A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request...

AI score 6.2 | EPSS 0.01531
Exploits: 0 | References: 2

IBM Security Bulletins
• added 2026/03/31 4:56 p.m. • 11 views

Security Bulletin: Remediation of Multiple Spring Vulnerabilities in IBM Library Support for Spring

Summary Multiple Spring Vulnerabilities have been addressed in IBM Library Support for Spring Vulnerability Details CVEID:CVE-2026-22731 DESCRIPTION: Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires...

CVSS 9.1 | AI score 5.8 | EPSS 0.0122
Exploits: 2 | Affected Software: 1

Spring Security Advisories
• added 2026/03/31 12:0 a.m. • 10 views

This Week in Spring - March 31st, 2026

Hi, Spring fans! Welcome to another fun edition of This Week in Spring! I'm writing to you from beautiful Amsterdam ahead of the wonderful Voxxed Days Amsterdam event, and I'm really looking forward to it. If you're there, please come say hello! Also, be aware that I'll be speaking at the Paris J...

CVSS 8.6 | AI score 5.9 | EPSS 0.0122
Exploits: 0

vulnersOsv
• added 2026/03/30 5:26 p.m. • 7 views

com.agentsflex:agents-flex-bom (>=2.1.1 <=2.1.3), com.agentsflex:agents-flex-mcp (>=2.0.0 <=2.1.3) +28 more potentially affected by CVE-2026-34237 via io.modelcontextprotocol.sdk:mcp-core (=1.0.0)

io.modelcontextprotocol.sdk:mcp-core MAVEN version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on io.modelcontextprotocol.sdk:mcp-core and may be impacted: - com.agentsflex:agents-flex-bom =2.1.1, =2.0.0, =2.1.1, =2.0.4, =0.1.1, =0.1.1,...

CVSS 6.1 | AI score 7.4 | EPSS 0.00222
Exploits: 0

SUSE CVE
• added 2026/03/28 12:27 a.m. • 4 views

SUSE CVE-2026-32606

IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the...

CVSS 7.6 | AI score 5.9 | EPSS 0.0014
Exploits: 0 | References: 3

vulnersOsv
• added 2026/03/27 6:31 a.m. • 9 views

io.gitee.yeshizhe:echoparrot-application (=25.2.5), io.gitee.yeshizhe:echoparrot-core (=25.2.5) +2 more potentially affected by CVE-2026-22743 via org.springframework.ai:spring-ai-neo4j-store (>=1.0.0-M5 <=1.0.4)

org.springframework.ai:spring-ai-neo4j-store MAVEN version =1.0.0-M5, =1.0.0-M5, =1.0.0, =1.0.4 Source cves: CVE-2026-22743 Source advisory: OSV:GHSA-7CJ7-RCW6-P68V...

CVSS 7.5 | AI score 5.8 | EPSS 0.0025
Exploits: 0

GithubExploit
• added 2026/03/26 10:15 p.m. • 169 views

Exploit for Code Injection in Apple Securerom

πŸ” iOS Security Research Deep-dive notes on iOS security inter...

CVSS 6.8 | AI score 5.9 | EPSS 0.67089
Exploits: 1

vulnersOsv
• added 2026/03/26 5:22 p.m. • 6 views

com.sap.hcp.cf.logging:sample-app-spring-boot (>=3.8.5 <=4.1.0), dev.vality:shared-resources (>=4.0.0-alpha1 <=4.0.0-alpha4) +1 more potentially affected by CVE-2026-33701 via io.opentelemetry.javaagent:opentelemetry-javaagent (>=2.15.0 <=2.23.0)

io.opentelemetry.javaagent:opentelemetry-javaagent MAVEN version =2.15.0, =3.8.5, =4.0.0-alpha1, =2.5.12, =2.6.4-hadoop3 Source cves: CVE-2026-33701 Source advisory: SNYK:JAVA-IOOPENTELEMETRYJAVAAGENT-15857172...

CVSS 9.8 | AI score 5.8 | EPSS 0.00916
Exploits: 1

RedhatCVE
• added 2026/03/26 5:0 p.m. • 4 views

CVE-2026-20104

A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, Cisco Catalyst IE9310 and IE9320 Rugged Series Switches, and Cisco IE3500 and IE3505 Rugged Series Switches could allow an authenticated, local...

CVSS 6.1 | AI score 6.2 | EPSS 0.00162
Exploits: 0 | References: 1

RedhatCVE
• added 2026/03/26 3:11 p.m. • 6 views

CVE-2026-32293

The GL-iNet Comet GL-RM1 KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the...

CVSS 6.3 | AI score 5.9 | EPSS 0.00332
Exploits: 0 | References: 1

RedhatCVE
• added 2026/03/26 3:5 p.m. • 6 views

CVE-2025-41660

A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution...

CVSS 8.8 | AI score 5.9 | EPSS 0.00429
Exploits: 0 | References: 1

RedhatCVE
• added 2026/03/26 3:2 p.m. • 4 views

CVE-2026-32606

IncusOS is an immutable OS image dedicated to running Incus. Prior to 202603142010, the default configuration of systemd-cryptenroll as used by IncusOS through mkosi allows for an attacker with physical access to the machine to access the encrypted data without requiring any interaction by the...

CVSS 7.6 | AI score 5.8 | EPSS 0.0014
Exploits: 0 | References: 1

RedhatCVE
• added 2026/03/26 2:58 p.m. • 3 views

CVE-2026-22733

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This issue affects Spring Security: from 4.0.0 through 4.0.3, from...

CVSS 8.2 | AI score 5.8 | EPSS 0.0036
Exploits: 0 | References: 1

Microsoft CVE
• added 2026/03/26 8:4 a.m. • 6 views

x86/efi: defer freeing of boot services memory

...

CVSS 7.1 | AI score 5.8 | EPSS 0.00125
Exploits: 0

Microsoft KB
• added 2026/03/26 12:0 a.m. • 7 views

March 26, 2026—KB5079391 (OS Builds 26200.8116 and 26100.8116) Preview

March 26, 2026—KB5079391 OS Builds 26200.8116 and 26100.8116 Preview This update is no longer being offered to new devices due to an installation issue identified after release. The issue has been addressed in the March 31, 2026—KB5086672 OS Builds 26200.8117 and 26100.8117 Out-of-band update tha...

AI score 5.5
Exploits: 0

EUVD
• added 2026/03/25 6:31 p.m. • 9 views

EUVD-2026-15435

A vulnerability in the bootloader of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches, Cisco Catalyst ESS9300 Embedded Series Switches, Cisco Catalyst IE9310 and IE9320 Rugged Series Switches, and Cisco IE3500 and IE3505 Rugged Series Switches could allow an authenticated, local...

CVSS 6.1 | AI score 6.2 | EPSS 0.00162
Exploits: 0 | References: 2

SUSE CVE
• added 2026/03/25 4:55 p.m. • 5 views

SUSE CVE-2026-23369

In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Revert "i2c: i801: replace acpilock with I2C bus lock" This reverts commit f707d6b9e7c18f669adfdb443906d46cfbaaa0c1. Under rare circumstances, multiple udev threads can collect i801 device info on boot and walk...

CVSS 5.5 | AI score 5.7 | EPSS 0.00122
Exploits: 0 | References: 5