CVE-2026-2817 Spring Data Geode Insecure Temporary Directory Usage

Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user’s extracted snapshot contents, leading to unintended exposure of...

CVE-2026-2817

CVE-2026-2817 affects Spring Data Geode. The issue arises from using an insecure directory during snapshot imports: archives are extracted to predictable, overly permissive locations in the system temp directory. On shared hosts, a local user with basic privileges can access another user’s extrac...

CVE-2026-2817 Spring Data Geode Insecure Temporary Directory Usage

Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user’s extracted snapshot contents, leading to unintended exposure of...

PT-2026-20882

Name of the Vulnerable Software and Affected Versions Spring Data Geode affected versions not specified Description The software has a flaw related to insecure directory usage during snapshot imports. Specifically, archives are extracted into predictable and overly permissive directories within t...

A Bootiful Podcast: Glenn Renfro on Java and Spring community legend and my friend - on Devnexus and more

Hi, Spring fans! In this installment I talk to the amazing Glenn Renfro about Spring Batch, Spring Integration, Spring AI, and much more — plus why you should definitely register to attend the amazing Devnexus event in Atlanta, GA!...

Spring Data Geode 安全漏洞

Spring Data Geode is a software developed by Spring for configuring, operating, and accessing distributed data management systems. There is a security vulnerability in Spring Data Geode, which stems from the use of an insecure directory during the snapshot import process. Archives are stored in a...

Exploit for Expression Language Injection in Vmware Spring_Data_Mongodb

SpringData - SpEL RCE Exploit - CVE-2022-22980 Exploit pour l...

This Week in Spring - February 17th, 2026

Hi, Spring fans! Welcome to another rip-roaring installment of This Week in Spring! It's Lunar New Year or Chinese New Year for billions of people around the world and to those who celebrate, Happy Chinese/Lunar New Year 新年快乐! Or Happy Spring Festival 春节快乐! My favorite kind of festival! In honor ...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.0.1.13)

The version of AOS installed on the remote host is prior to 7.0.1.13. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.0.1.13 advisory. - Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forg...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.5.0.5)

The version of AOS installed on the remote host is prior to 7.5.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.5.0.5 advisory. - Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged...

ca.ibodrov.concord:testcontainers-concord-core (>=2.0.3 <=2.0.5), ca.ibodrov.mica.docker:mica-standalone (>=0.0.27 <=0.0.34) +270 more potentially affected by CVE-2026-23901 via org.apache.shiro:shiro-core (>=2.0.0-alpha-1 <=2.0.6)

org.apache.shiro:shiro-core MAVEN version =2.0.0-alpha-1, =2.0.3, =0.0.27, =0.0.27, =0.0.27, =6.0.0, =8.0.0, =8.0.0, =2.2.0, =1.0.2, =3.4.0, =3.3.0, =3.3.0, =3.3.0, =3.3.0, =3.8.0 and more Source cves: CVE-2026-23901 Source advisory: SNYK:JAVA-ORGAPACHESHIRO-15253618...

This Week in Spring - February 10th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's February 10th, 2026, as I write this from lovely London, UK. I spoke at the local Java User Group here last night, had a wonderful time. Tomorrow, I'm going home. It's been fun, but it's time to conclude this roller...

cc.eamon.open:auth (=0.0.2), cloud.opencode.base:opencode-base-token (=1.0.0) +885 more potentially affected by CVE-2026-23903 via org.apache.shiro:shiro-spring (>=1.0.0-incubating <=2.0.6)

org.apache.shiro:shiro-spring MAVEN version =1.0.0-incubating, =1.0.0, =1.0.0, =1.0, =1.0, =1.0.3 and more Source cves: CVE-2026-23903 Source advisory: OSV:GHSA-C244-P6M5-VQJ6...

warehouse 授权问题漏洞

Warehouse is a small-scale warehouse logistics management system developed by Yeqifu, based on Spring Boot. Versions of Warehouse such as aaf29962ba407d22d991781de28796ee7b4670e4 and earlier versions have authorization-related vulnerabilities. These vulnerabilities stem from improper authorizatio...

warehouse 访问控制错误漏洞

Warehouse is a small-scale warehouse logistics management system developed by Yeqifu, based on Spring Boot. There is an access control vulnerability in Warehouse, which stems from improper access control in the role permission binding processing program...

warehouse 授权问题漏洞

Warehouse is a small-scale warehouse logistics management system developed by Yeqifu’s individual developer, based on Spring Boot. There are authorization issues in Warehouse; these issues stem from incorrect operations in the component Notice Management, specifically in the file...

warehouse 授权问题漏洞

Warehouse is a small-scale warehouse logistics management system developed by Yeqifu’s individual developer, based on Spring Boot. There are authorization issues in Warehouse; these issues stem from improper authorization handling in the role management processor...

warehouse 授权问题漏洞

Warehouse is a small-scale warehouse logistics management system developed by Yeqifu, based on Spring Boot. There are authorization issues in Warehouse; these issues stem from improper authorization in menu management...

warehouse 授权问题漏洞

Warehouse is a small-scale warehouse logistics management system developed by Yeqifu’s individual developer, based on Spring Boot. There is an authorization issue in Warehouse; this vulnerability stems from insufficient authorization verification for user operations within the permission manageme...

A Bootiful Podcast: JetBrains and Spring community legend Marco Behler

hi, Spring fans! In this installment I have the privilege of talking to JetBrains legend Marco Behler...