6517 matches found

CVE
added 2026/01/22 9:24 a.m., 269 views

CVE-2026-1225

CVE-2026-1225 affects logback-core (up to and including 1.5.24) used in Java applications. The issue enables an attacker to instantiate arbitrary classes present on the user’s class path by compromising an existing logback configuration file. Exploitation requires the attacker to have write acces...

1.8 CVSS, 5.5 AI score, 0.00014 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2026/01/22 12:0 a.m., 11 views

Oracle WebCenter Sites (January 2026 CPU)

The 12.2.1.4.0 and 14.1.2.0.0 versions of WebCenter Sites installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: Core Apache Log4j. The...

7.5 CVSS, 7.1 AI score, 0.74016 EPSS
Exploits: 20, References: 5

CNNVD
added 2026/01/22 12:0 a.m., 4 views

Spring Security security vulnerabilities

Spring Security is a security framework developed by Spring, an open-source project, that includes authentication and authorization features. Spring Security has security vulnerabilities; these vulnerabilities stem from the timing attack mitigation measures in the DaoAuthenticationProvider being...

5.3 CVSS, 5.8 AI score, 0.00022 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2026/01/22 12:0 a.m., 9 views

Oracle Primavera Unifier (January 2026 CPU)

The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: Integration Apache Tika. Supported versions th...

9.8 CVSS, 7 AI score, 0.05222 EPSS
Exploits: 6, References: 6

Tenable Nessus
added 2026/01/21 12:0 a.m., 3 views

Oracle WebLogic Server (January 2026 CPU)

The 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component:...

9.4 CVSS, 7 AI score, 0.01278 EPSS
Exploits: 1, References: 7

GithubExploit
added 2026/01/20 11:31 a.m., 170 views

security-antipatterns-java

Security Anti-Patterns for Java AI coding agents write insecu...

6.1 AI score
Exploits: 0

Tenable Nessus
added 2026/01/20 12:0 a.m., 4 views

Atlassian Jira Service Management Data Center and Server 11.0.x < 11.2.0 (JSDSERVER-16466)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16466 advisory. - The Spring Security annotation detection mechanism may not correctly resolve annotations on methods...

7.5 CVSS, 7.5 AI score, 0.00112 EPSS
Exploits: 0, References: 2

Spring Engineering
added 2026/01/20 12:0 a.m., 9 views

Spring AI Agentic Patterns (Part 3): Why Your AI Agent Forgets Tasks (And How to Fix It)

Have you ever asked an AI agent to perform a complex multi-step task, only to find it skipped a critical step halfway through? You're not alone. Research shows that LLMs struggle with "lost in the middle" failures—forgetting tasks buried in long contexts. When your agent juggles file edits, test...

6 AI score
Exploits: 0

Spring Engineering
added 2026/01/20 12:0 a.m., 5 views

This Week in Spring - January 20th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's already the 20th of January and we are off on yet another rip roarin' adventure as we look at the week that has been... this week in Spring! even more good stuff from Spring AI team legend Christian Tsolov, this one on...

5.6 AI score
Exploits: 0

IBM Security Bulletins
added 2026/01/16 9:33 a.m., 10 views

Security Bulletin: Remediation of Multiple Spring Vulnerabilities in IBM Library Support for Spring

Summary: Multiple Spring Vulnerabilities have been addressed in IBM Library Support for Spring. Vulnerability Details: CVEID: CVE-2025-41249. DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized...

7.5 CVSS, 6.6 AI score, 0.05222 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/16 9:19 a.m., 20 views

Security Bulletin: Remediation of Multiple Spring Vulnerabilities in IBM Library Support for Spring

Summary: Multiple Spring Vulnerabilities have been addressed in IBM Library Support for Spring. Vulnerability Details: CVEID: CVE-2025-41249. DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized...

8.1 CVSS, 8.4 AI score, 0.9389 EPSS
Exploits: 9, Affected Software: 1

Spring Engineering
added 2026/01/16 12:0 a.m., 11 views

Spring AI Agentic Patterns (Part 2): AskUserQuestionTool - Agents That Clarify Before Acting

Traditional AI interactions follow a common pattern: you provide a prompt, the AI makes assumptions, and produces a response. When those assumptions don't match your needs, you're left iterating through corrections. Each assumption creates rework—wasting time and context. What if your AI agent...

7.2 AI score
Exploits: 0

RedHat Linux
added 2026/01/15 7:53 p.m., 8 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.14.2.P1 for Spring Boot release.

Red Hat build of Apache Camel 4.14.2 for Spring Boot patch 1 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.2 CVSS, 7.1 AI score, 0.00066 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2026/01/15 7:23 a.m., 3 views

CVE-2026-22718

The VSCode extension for Spring CLI is vulnerable to command injection, resulting in command execution on the user's machine...

6.8 CVSS, 7.2 AI score, 0.00051 EPSS
Exploits: 0, References: 1

GithubExploit
added 2026/01/14 7:45 a.m., 148 views

Exploit for Code Injection in Vmware Spring_Framework

CVE-2022-22965-Spring4Shell-Security-Operations-Analysis A com...

9.8 CVSS, 8.9 AI score, 0.94428 EPSS
Exploits: 99

NVD
added 2026/01/14 5:16 a.m., 2 views

CVE-2026-22718

The VSCode extension for Spring CLI is vulnerable to command injection, resulting in command execution on the user's machine...

6.8 CVSS, 0.00051 EPSS
Exploits: 0, References: 1

CVE
added 2026/01/14 5:10 a.m., 9 views

CVE-2026-22718

The CVE-2026-22718 entry concerns the VSCode extension for Spring CLI, attributed to VMware, with a vulnerability allowing command injection and subsequent command execution on the user’s machine. Connected advisories consistently describe this as a vulnerability in the Spring CLI VSCode extensio...

6.8 CVSS, 6.8 AI score, 0.00051 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/01/14 5:10 a.m., 1 views

CVE-2026-22718 Command injection vulnerability

The VSCode extension for Spring CLI is vulnerable to command injection, resulting in command execution on the user's machine...

6.8 CVSS, 6.8 AI score, 0.00051 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/01/14 5:10 a.m., 23 views

CVE-2026-22718 Command injection vulnerability

The VSCode extension for Spring CLI is vulnerable to command injection, resulting in command execution on the user's machine...

6.8 CVSS, 0.00051 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/01/14 12:0 a.m., 2 views

PT-2026-2793

The VSCode extension for Spring CLI is vulnerable to command injection, resulting in command execution on the user's machine...

6.8 CVSS, 7.2 AI score, 0.00051 EPSS
Exploits: 0, References: 2