CLSA-2026-1777479919 bind: Fix of CVE-2025-40778

CVE-2025-40778: reject forged records in answer sections to prevent cache poisoning via crafted responses - build tests improved...

JLSEC-2026-336

A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5Ocachechkserialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public a...

JLSEC-2026-293

HDF5 through 1.14.3 contains a heap buffer overflow in H5HGcacheheapdeserialize, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...

JLSEC-2026-339

A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5Creconstructcacheentry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the...

Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources.

Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is configuring the resource chain support...

GHSA-WG35-8JPF-2XV3 Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources.

Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is configuring the resource chain support...

CVE-2026-22741

Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is configuring the resource chain support...

DEBIAN-CVE-2026-22741

Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is configuring the resource chain support...

CVE-2026-22741

Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is configuring the resource chain support...

UBUNTU-CVE-2026-22741

Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is configuring the resource chain support...

CVE-2026-22741

Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is configuring the resource chain support...

CVE-2026-22741

Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is configuring the resource chain support...

CVE-2026-22741 Static resource cache poisoning in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is configuring the resource chain support...

CVE-2026-22741 Static resource cache poisoning in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is configuring the resource chain support...

EUVD-2026-26206

Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is configuring the resource chain support...

CVE-2026-22741

CVE-2026-22741 – cache poisoning in static resources (Spring MVC/WebFlux) . When an app uses Spring MVC/WebFlux with resource chain caching enabled and encoded resource resolution, and the resource cache is empty, an attacker can poison the cache by sending crafted requests with incorrect encodin...

Cache Poisoning

Spring MVC and WebFlux are vulnerable to Cache Poisoning. The vulnerability is due to improper handling of encoded resource resolution when resource chain caching is enabled, allowing attackers to store incorrectly encoded resources in the cache, which can break frontend asset delivery and lead t...

CLSA-2026-1777287060 bind: Fix of CVE-2025-40778

CVE-2025-40778: reject forged records in answer sections to prevent cache poisoning via crafted responses - build tests improved...

Duplicate Advisory: Grav has Insecure Deserialization in File Cache

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gwfr-jfjf-92vv. This link is maintained to preserve external references. Original Description A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function...

GHSA-J7RW-325J-2RMX Duplicate Advisory: Grav has Insecure Deserialization in File Cache

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gwfr-jfjf-92vv. This link is maintained to preserve external references. Original Description A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function...