Spring Framework 5.3.x < 5.3.49 / 6.1.x < 6.1.28 / 6.2.x < 6.2.18.1 / 7.0.x < 7.0.7.1 Multiple Vulnerabilities
The version of Spring Framework installed on the remote host is 5.3.x prior to 5.3.49, 6.1.x prior to 6.1.28, 6.2.x prior to 6.2.18.1, or 7.0.x prior to 7.0.7.1. It is, therefore, affected by multiple vulnerabilities: - IDs for WebSocket sessions in the spring-websocket module are not...
CVE-2026-41855 Spring Framework Unsafe Deserialization via Jackson JMS Converters
In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.support.converter.JacksonJsonMessageConverter allow arbitrary class instantiation, which can lead to unauthorized actions via gadget class deserialization. Affect...
CVE-2026-41855
The CVE affects Spring Framework via unsafe deserialization in JMS converters: MappingJackson2MessageConverter and JacksonJsonMessageConverter allow arbitrary class instantiation in untrusted JMS environments, enabling gadget-based deserialization that could trigger unauthorized actions. Affected...
PT-2026-47666
In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.support.converter.JacksonJsonMessageConverter allow arbitrary class instantiation, which can lead to unauthorized actions via gadget class deserialization. Affect...
Linux Distros Unpatched Vulnerability : CVE-2026-41855
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and...
Deserialization of Untrusted Data
Overview org.springframework:spring-jms is a maven plugin for Spring JMS. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via deserialization in MappingJackson2MessageConverter and JacksonJsonMessageConverter within an untrusted JMS environment. An attacker c...
22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters
Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them. The vulnerabilities have been collectively codenamed BRIDGE:BREAK by...
ca.uhn.hapi.fhir:org.hl7.fhir.convertors (>=6.8.0 <=6.9.3), ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (>=6.8.0 <=6.9.3) +12 more potentially affected by CVE-2026-34359 +1 more via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=6.8.0 <=6.9.3)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =6.8.0, =6.8.0, =6.8.0, =6.8.0, =6.8.0, =6.8.0, =6.8.0, =6.8.0, =6.8.0, =6.8.0, =4.0.19, =4.14.6, =2.1.0, =2.1.0, =2.1.0, =2.2.3 Source cves: CVE-2026-34359, CVE-2026-34361 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-15855298...
EUVD-2004-1762
Malware in sbrugna...
EUVD-2017-17326
Malware in sbrugna...
EUVD-2022-0776
Malicious code in bioql PyPI...
The state of HTTP clients in Spring
This is a new blog post in the Road to GA series, this time exploring the new capabilities of our HTTP clients. This is also a good time to reflect on the state of HTTP clients in Spring, so we will use this opportunity to explain an important announcement: we are officially deprecating...
Malicious code in postman-converters (npm)
The package postman-converters was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f892ed43c85774f667cf9303e6d7ca7d30763a23dc3c6bb4e2261954dfee9070 Any computer that has this package installed or running should be considered fully...
Malicious Package
Overview postman-converters is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-47565 Malicious code in postman-converters (npm)
The package postman-converters was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f892ed43c85774f667cf9303e6d7ca7d30763a23dc3c6bb4e2261954dfee9070 Any computer that has this package installed or running should be considered fully...
CVE-2024-39289
A code execution vulnerability has been discovered in the Robot Operating System ROS 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval function to process unsanitized, user-supplied parameter values via special converters fo...
UBUNTU-CVE-2024-39289
A code execution vulnerability has been discovered in the Robot Operating System ROS 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval function to process unsanitized, user-supplied parameter values via special converters fo...
A week in security (March 17 – March 23)
Last week on Malwarebytes Labs: What Google Chrome knows about you, with Carey Parker Lock and Code S06E06 Personal data revealed in released JFK files Semrush impersonation scam hits Google Ads Targeted spyware and why it’s a concern to us The "free money" trap: How scammers exploit financial...
Century Systems FutureNet AS series and Century Systems FutureNet FA series Security Vulnerability
Century Systems FutureNet AS series and Century Systems FutureNet FA series are both products of Century Systems Japan. Century Systems FutureNet AS series is a series of industrial routers. Century Systems FutureNet FA series ...