CVE-2026-33900

creationtimestamp| type| source ---|---|--- 2026-05-01 15:50:35+00:00| seen| https://vulnerability.circl.lu/bundle/63ae1405-3878-4622-935b-6ee96a75dc90...

EUVD-2026-26587

In the Linux kernel, the following vulnerability has been resolved: iouring/net: fix slab-out-of-bounds read in iobundlenbufs sqe-len is u32 but gets stored into sr-len which is int. When userspace passes sqe-len values exceeding INTMAX e.g. 0xFFFFFFFF, sr-len overflows to a negative value. This...

CVE-2026-31774

In the Linux kernel, the following vulnerability has been resolved: iouring/net: fix slab-out-of-bounds read in iobundlenbufs sqe-len is u32 but gets stored into sr-len which is int. When userspace passes sqe-len values exceeding INTMAX e.g. 0xFFFFFFFF, sr-len overflows to a negative value. This...

Improper Hostname Verification

Spring Boot is vulnerable to improper hostname verification. The vulnerability is due to missing hostname verification in SSL bundle configuration, which allows an attacker to perform man-in-the-middle attacks by impersonating the RabbitMQ broker...

Improper SSL Hostname Verification

org.springframework.boot, spring-boot-elasticsearch is vulnerable to improper SSL hostname verification. The vulnerability is due to missing hostname verification in SSL bundle configuration, which allows an attacker to perform man-in-the-middle attacks by connecting to a malicious Elasticsearch...

CVE-2026-40970

A flaw was found in Spring Boot. When configured to use an SSL Secure Sockets Layer bundle, the Elasticsearch auto-configuration component does not perform hostname verification when establishing a connection to the Elasticsearch server. An attacker on an adjacent network could exploit this by...

GHSA-9VC8-QPPQ-WVXC Spring Boot's RabbitMQ auto-configuration doesn't perform hostname verification when connecting to the RabbitMQ broker

When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14 per vendor advisory...

EUVD-2026-25930

When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14 per vendor advisory...

CVE-2026-40971

Spring Boot RabbitMQ auto-configuration fails to verify hostnames when SSL bundles are enabled. Affected: Spring Boot 4.0.0–4.0.5 and 3.5.0–3.5.13. Root cause: hostname verification is not performed during broker connection, enabling potential interception or tampering on networks. Mitigation: pa...

CVE-2026-40971

When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14 per vendor advisory...

CVE-2026-40970

When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server. Affected: Spring Boot 4.0.0–4.0.5; upgrade to 4.0.6 or later per vendor advisory...

EUVD-2026-25908

When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server. Affected: Spring Boot 4.0.0–4.0.5; upgrade to 4.0.6 or later per vendor advisory...

CVE-2026-40970

When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server. Affected: Spring Boot 4.0.0–4.0.5; upgrade to 4.0.6 or later per vendor advisory...

CVE-2026-40970

When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server. Affected: Spring Boot 4.0.0–4.0.5; upgrade to 4.0.6 or later per vendor advisory...

CVE-2026-40970

When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server. Affected: Spring Boot 4.0.0–4.0.5; upgrade to 4.0.6 or later per vendor advisory...

CVE-2026-40970

CVE-2026-40970 : When Spring Boot is configured to use an SSL bundle, its Elasticsearch auto-configuration does not perform hostname verification during TLS connections to the Elasticsearch server. Affected: Spring Boot 4.0.0–4.0.5. Impact: potential MitM if an attacker presents a valid CA-signed...

PT-2026-35515

Name of the Vulnerable Software and Affected Versions Spring Boot versions 4.0.0 through 4.0.5 Description When configured to use an SSL bundle, the Elasticsearch auto-configuration fails to perform hostname verification during the connection to the Elasticsearch server. Hostname verification is ...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the trustedCertPool function, which only parses the first PEM block from CA certificate files. An attacker can bypass certificate chain validation by providing a multi-certificate PEM bundle where only...

Researcher claims Claude Desktop installs “spyware” on macOS

Security researcher Alexander Hanff wrote an article titled Anthropic secretly installs spyware when you install Claude Desktop. Claims like that are bound to create two sides, so we searched for an official rebuttal by Anthropic. But we couldn’t find one. It would surprise me very much if they’d...

CVE-2026-40944 Oxia: TLS CA certificate chain validation fails with multi-certificate PEM bundles

Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates e.g., intermediate + root CA, only the first certificate is loaded...