CVE-2026-41732 In Spring for Apache Pulsar, overly broad trusted-package matching in header mapper exposes JDK classes to deserialization

JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Additionally, an empty trusted-packages configuration fell back to trusting all packages rather than applying a safe default...

Veeam Service Provider Console Plugin for ConnectWise Automate opens empty configuration in ConnectWise Automate Control Center

Challenge After successfully installing the Veeam Service Provider Console Plugin for ConnectWise Automate, the Integration tab for Veeam Service Provider Console displays no data. Cause Lack of permissions for account used to log in to ConnectWise Automate and coexistence of 2 plugins: Veeam...

DEBIAN-CVE-2020-12831

An issue was discovered in FRRouting FRR aka Free Range Routing through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some...