ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +508 more potentially affected by CVE-2026-28208 via com.github.junrar:junrar (>=7.4.0 <=7.5.7)

com.github.junrar:junrar MAVEN version =7.4.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.2.4, =1.2.0, =25.4.0, =1.0.3.1-JDK21, =1.0.3.2-JDK21 and more Source cves: CVE-2026-28208 Source advisory: SNYK:JAVA-COMGITHUBJUNRAR-15360268...

jshERP path traversal vulnerability

jshERP Huaxia ERP is a domestic ERP system developed by Ji Shenghua. Versions of jshERP 3.6 and earlier had a path traversal vulnerability. This vulnerability stemmed from incorrect handling of the parameter “path” in the file /jshERP-boot/plugin/installByPath, which could lead to path traversal...