Lucene search

36075 matches found

EUVD
added 2026/04/29 11:32 a.m. | 2 views

EUVD-2026-26206

Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux; the application is configuring the resource chain support...

CVSS 3.1 | AI score 5.3 | EPSS 0.00083
Exploits: 0 | References: 2
CVE
added 2026/04/29 11:32 a.m. | 66 views

CVE-2026-22741

CVE-2026-22741 – cache poisoning in static resources (Spring MVC/WebFlux). When an app uses Spring MVC/WebFlux with resource chain caching enabled and encoded resource resolution, and the resource cache is empty, an attacker can poison the cache by sending crafted requests with incorrect encodin...

CVSS 3.1 | AI score 5.3 | EPSS 0.00083
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/04/29 10:46 a.m. | 4 views

CVE-2026-22740 Spring Framework DoS with Multipart Temp Files in WebFlux

A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...

CVSS 6.5 | AI score 5.2 | EPSS 0.00061
Exploits: 0 | References: 2
CVE
added 2026/04/29 10:46 a.m. | 58 views

CVE-2026-22740

The CVE-2026-22740 issue affects Spring Framework WebFlux multipart request handling. The root cause is cleanup of temporary files created for parts larger than 10 KB, which in some cases are not deleted after the request completes, enabling an attacker to exhaust disk space (Denial of Service). ...

CVSS 6.5 | AI score 5.2 | EPSS 0.00061
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/04/29 10:46 a.m. | 31 views

CVE-2026-22740 Spring Framework DoS with Multipart Temp Files in WebFlux

A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...

CVSS 6.5 | EPSS 0.00061
Exploits: 0 | References: 2
RedhatCVE
added 2026/04/29 1:39 a.m. | 1 views

CVE-2025-60887

An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Classes with pointer-like mechanics under the cista::raw namespace are prone to reference tampering,...

CVSS 5.3 | AI score 5.4 | EPSS 0.00044
Exploits: 0 | References: 1
CNNVD
added 2026/04/29 12:0 a.m. | 5 views

VMware Spring Framework security vulnerability

VMware Spring Framework is an open-source Java/JavaEE application framework developed by VMware, a US-based company. This framework helps developers build high-quality applications. There is a security vulnerability in the VMware Spring Framework, which stems from caching malicious resources duri...

CVSS 3.1 | AI score 5.8 | EPSS 0.00083
Exploits: 0 | References: 1
CNNVD
added 2026/04/29 12:0 a.m. | 4 views

VMware Spring Framework resource management error vulnerability

VMware Spring Framework is an open-source Java/JavaEE application framework developed by VMware Corporation in the United States. This framework helps developers build high-quality applications. There is a resource management vulnerability in the VMware Spring Framework, which stems from a...

CVSS 5.3 | AI score 5.8 | EPSS 0.00067
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/29 12:0 a.m. | 3 views

PT-2026-35909

Name of the Vulnerable Software and Affected Versions: Spring MVC (affected versions not specified); Spring WebFlux (affected versions not specified). Description: Applications using Spring MVC or Spring WebFlux are susceptible to Denial of Service attacks when serving static resources from the file syst...

CVSS 5.3 | AI score 5.8 | EPSS 0.00067
Exploits: 0 | References: 7
CNNVD
added 2026/04/29 12:0 a.m. | 7 views

EyouCMS injection vulnerability

EyouCMS is an open-source content management system (CMS) developed by Eyou Corporation in China, based on ThinkPHP. EyouCMS versions 1.7.9 and earlier have a vulnerability related to injection attacks. This vulnerability arises from improper handling of the editFile function in the file...

CVSS 5.8 | AI score 5.9 | EPSS 0.00057
Exploits: 0 | References: 1
Packet Storm News
added 2026/04/29 12:0 a.m. | 1 views

Formulating Subgroup Discovery As a Quantum Optimization Problem for Network Security

While current network intrusion detection systems achieve satisfactory accuracy, they often lack explainability. Subgroup Discovery (SD) addresses this by building interpretable rules that characterize feature interactions associated with attack traffic. With large datasets, classical heuristic bea...

AI score 5.8
Exploits: 0
CNNVD
added 2026/04/29 12:0 a.m. | 6 views

VMware Spring Framework resource management error vulnerability

VMware Spring Framework is an open-source Java/JavaEE application framework developed by VMware, Inc. This framework helps developers build high-quality applications. There is a resource management vulnerability in the VMware Spring Framework, where temporary files created during processing...

CVSS 6.5 | AI score 5.8 | EPSS 0.00061
Exploits: 0 | References: 1
Snyk
added 2026/04/28 10:28 p.m. | 6 views

Use of Cache Containing Sensitive Information

Overview: Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to the default KeyGenerator process in the cache middleware not including query parameters when generating cache keys. An attacker can access or cause exposure of user-specific or...

CVSS 6.9 | AI score 5.8 | EPSS 0.0004
Exploits: 1 | References: 2
Snyk
added 2026/04/28 10:28 p.m. | 4 views

Use of Cache Containing Sensitive Information

Overview: Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to the default KeyGenerator process in the cache middleware not including query parameters when generating cache keys. An attacker can access or cause exposure of user-specific or...

CVSS 6.9 | AI score 5.8 | EPSS 0.0004
Exploits: 1 | References: 2
Cvelist
added 2026/04/28 7:15 p.m. | 25 views

CVE-2026-7305 Xuxueli xxl-job trigger Endpoint XxlJobServiceImpl.java triggerJob server-side request forgery

A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl.java of the component trigger Endpoint. This manipulation of the argument addressList causes...

CVSS 6.5 | EPSS 0.00055
Exploits: 0 | References: 6
Circl
added 2026/04/28 6:30 p.m. | 5 views

CVE-2026-42545

creationtimestamp | type | source
---|---|---
2026-04-28 18:30:30+00:00 | published-proof-of-concept | https://github.com/emmett-framework/granian/security/advisories/GHSA-f5p7-9fr5-8jmj...

CVSS 5.9 | AI score 5.8 | EPSS 0.00052
Exploits: 0 | References: 1
Circl
added 2026/04/28 6:30 p.m. | 4 views

CVE-2026-42544

creationtimestamp | type | source
---|---|---
2026-04-28 18:30:03+00:00 | published-proof-of-concept | https://github.com/emmett-framework/granian/security/advisories/GHSA-vrg7-482j-p6f6...

CVSS 7.5 | AI score 5.8 | EPSS 0.00084
Exploits: 0 | References: 1
Wired Threat Level
added 2026/04/28 5:49 p.m. | 3 views

Why Sharing a Screenshot Can Get You Jailed in the UAE

The war in Iran has drawn attention to arrests in the United Arab Emirates over online content, but the legal framework behind that enforcement has existed for years...

AI score 5.3
Exploits: 0
OSV
added 2026/04/28 5:24 p.m. | 1 views

MAL-2026-3131 Malicious code in kcvlib (PyPI)

Source: kam193 (4a441a8e0abdd54964ca9e0a5e3a1d0e0c0435f05d80ab9e9210e10194a16f3d). During import, the package downloads and executes obfuscated code. It appears to be an infostealer framework. Category: MALICIOUS - The campaign has clearly...

AI score 5.5
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2026/04/28 5:24 p.m. | 6 views

Malicious code in kcvlib (PyPI)

Source: kam193 (4a441a8e0abdd54964ca9e0a5e3a1d0e0c0435f05d80ab9e9210e10194a16f3d). During import, the package downloads and executes obfuscated code. It appears to be an infostealer framework. Category: MALICIOUS - The campaign has clearly...

AI score 5.4
Exploits: 0 | References: 2