CVE-2026-33012

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions 4.7.0 through 4.10.16 used an unbounded ConcurrentHashMap cache with no eviction policy in its DefaultHtmlErrorResponseBodyProvider. If the application throws an...

CVE-2026-33012 Micronaut Framework vulnerable to a Denial of Service in HTML error response caching

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions 4.7.0 through 4.10.16 used an unbounded ConcurrentHashMap cache with no eviction policy in its DefaultHtmlErrorResponseBodyProvider. If the application throws an...

CVE-2026-33012

CVE-2026-33012 affects the Micronaut Framework. Versions 4.7.0–4.10.16 use an unbounded ConcurrentHashMap cache in the DefaultHtmlErrorResponseBodyProvider with no eviction policy. If an exception message can be influenced by an attacker (e.g., via request query parameters), remote attackers coul...

CVE-2026-33012 Micronaut Framework vulnerable to a Denial of Service in HTML error response caching

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions 4.7.0 through 4.10.16 used an unbounded ConcurrentHashMap cache with no eviction policy in its DefaultHtmlErrorResponseBodyProvider. If the application throws an...

CVE-2026-33012 Micronaut Framework vulnerable to a Denial of Service in HTML error response caching

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions 4.7.0 through 4.10.16 used an unbounded ConcurrentHashMap cache with no eviction policy in its DefaultHtmlErrorResponseBodyProvider. If the application throws an...

Use of Cache Containing Sensitive Information

Overview org.springframework.security:spring-security-web is a package within Spring Security that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the process of writing HTTP response heade...

CVE-2026-32759

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions on the 2.x branch prior to 2.33.8, the TUS resumable upload handler parses the Upload-Length header as a signed 64-bit integer without validating th...

Next.js Framework 10.x / 11.x / 12.x / 13.x / 14.x / 15.x / 16.x < 16.1.7 Image Optimizer Disk Cache DoS (GHSA-3x4c-7xq6-9pq8)

The Next.js Framework on the remote host is affected by a denial of service vulnerability: - A denial of service vulnerability exists in the Next.js image optimization feature which lacks a configurable upper limit on disk cache size. An attacker can deliberately generate many unique...

Micronaut Framework 安全漏洞

Micronaut Framework is a modern full-stack Java framework based on the JVM, developed by the Micronaut Foundation. Versions 4.7.0 to 4.10.16 of the Micronaut Framework contain security vulnerabilities. These vulnerabilities stem from the use of the DefaultHtmlErrorResponseBodyProvider class, whic...

PT-2026-26780

Name of the Vulnerable Software and Affected Versions Ory Oathkeeper affected versions not specified Description Ory Oathkeeper is susceptible to authentication bypass due to cache key confusion within the oauth2 introspection authenticator. The caching mechanism does not differentiate between...

CVE-2026-32759 File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, the TUS resumable upload handler parses the Upload-Length header as a signed 64-bit integer without validating that the value is...

CVE-2026-32759 File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions on the 2.x branch prior to 2.33.8, the TUS resumable upload handler parses the Upload-Length header as a signed 64-bit integer without validating th...

CVE-2026-32759

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, the TUS resumable upload handler parses the Upload-Length header as a signed 64-bit integer without validating that the value is...

CVE-2026-32759 File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions on the 2.x branch prior to 2.33.8, the TUS resumable upload handler parses the Upload-Length header as a signed 64-bit integer without validating th...

CVE-2026-32759

File Browser CVE-2026-32759 affects versions 2.61.2 and earlier with a faulty TUS upload handler: Upload-Length is parsed as signed 64-bit without non-negative validation, allowing an authenticated user to supply a negative value that completes uploads on the first PATCH. This can trigger after_u...

Protocol-Relative URL Injection via Single Backslash Bypass in Angular SSR

An Open Redirect vulnerability exists in @angular/ssr due to an incomplete fix for CVE-2026-27738. While the original fix successfully blocked multiple leading slashes e.g., ///, the internal validation logic fails to account for a single backslash \ bypass. When an Angular SSR application is...

org.webjars.npm:file-entry-cache (>=5.0.1 <=6.0.1), org.webjars.npm:flat-cache (>=2.0.1 <=3.0.4) +6 more potentially affected by CVE-2026-33228 via org.webjars.npm:flatted (>=2.0.1 <=3.3.4)

org.webjars.npm:flatted MAVEN version =2.0.1, =5.0.1, =2.0.1, =3.3.1, =0.3.16, =0.2.107, =1.1.13, =0.1.30, =1.7.6, =2.0.2 Source cves: CVE-2026-33228 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15700434...

CVE-2026-27980

An unbounded disk usage flaw has been discovered in Next.js. The default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many unique image-optimization variants and exhaust disk space, causing...

EUVD-2026-12892

In the Linux kernel, the following vulnerability has been resolved: iouring/rw: free potentially allocated iovec on cache put failure If a read/write request goes through ioreqrwcleanup and has an allocated iovec attached and fails to put to the rwcache, then it may end up with an unaccounted iov...

CVE-2026-23259

In the Linux kernel, the following vulnerability has been resolved: iouring/rw: free potentially allocated iovec on cache put failure If a read/write request goes through ioreqrwcleanup and has an allocated iovec attached and fails to put to the rwcache, then it may end up with an unaccounted iov...