36321 matches found
ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.6.0) +10169 more potentially affected by CVE-2026-22741 via org.springframework:spring-webmvc (>=6.0.0 <=6.2.17)
org.springframework:spring-webmvc MAVEN version =6.0.0, =0.2.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.8.7 and more Source cves: CVE-2026-22741 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-16109603...
[SECURITY] Fedora 44 Update: spacebar-6.6.4-1.fc44
Spacebar is a telepathy-qt based SMS application that primarily targets Plasma Mobile...
[SECURITY] Fedora 44 Update: layer-shell-qt-6.6.4-1.fc44
This component is meant for applications to be able to easily use clients based on wlr-layer-shell...
[SECURITY] Fedora 44 Update: kf6-solid-6.25.0-1.fc44
Solid provides the following features for application developers: - Hardware Discovery - Power Management - Network Management...
[SECURITY] Fedora 44 Update: kf6-kfilemetadata-6.25.0-1.fc44
A Tier 2 KDE Framework for extracting file metadata...
[SECURITY] Fedora 44 Update: kf6-kcmutils-6.25.0-1.fc44
KCMUtils provides various classes to work with KCModules. KCModules can be created with the KConfigWidgets framework...
[SECURITY] Fedora 44 Update: kf6-kcalendarcore-6.25.0-1.fc44
KDE Frameworks 6 Tier 1 KCalendarCore Library...
[SECURITY] Fedora 44 Update: kf6-frameworkintegration-6.25.0-1.fc44
Framework Integration is a set of plugins responsible for better integration of Qt applications when running on a KDE Plasma workspace. Applications do not need to link to this directly...
CVE-2026-40255
AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs/http-server versions prior to 7.8.1 and 8.0.0-next.0 through 8.1.3, and @adonisjs/core versions prior to 7.4.0, the response.redirect.back method reads the Referer header from the incoming HTTP...
CVE-2026-39313
mcp-framework is a framework for building Model Context Protocol (MCP) servers. In versions 0.2.21 and below, the readRequestBody function in the HTTP transport concatenates request body chunks into a string with no size limit. Although a maxMessageSize configuration value exists, it is never...
MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport
Summary: The readRequestBody function in src/transports/http/server.ts concatenates HTTP request body chunks into a string with no size limit, allowing a remote unauthenticated attacker to crash the server via memory exhaustion with a single large HTTP POST request. Details: File:...
@aumoai/mcp-data-analyst (>=0.1.0 <=0.2.8-a), @geobio/code_execution_server (>=0.2.0 <=0.2.1) +35 more potentially affected by CVE-2026-39313 via mcp-framework (>=0.1.27 <=0.2.2)
mcp-framework NPM version =0.1.27, =0.1.0, =0.2.0, =1.0.11, =0.2.0, =0.2.0, =0.0.1, =0.0.4 and more Source cves: CVE-2026-39313 Source advisory: SNYK:JS-MCPFRAMEWORK-16420257...
EUVD-2026-23300
MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport...
Allocation of Resources Without Limits or Throttling
Overview: mcp-framework is a framework for building Model Context Protocol (MCP) servers in TypeScript. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the readRequestBody function. An attacker can exhaust system memory and cause a server...
EUVD-2026-23271
Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks...
USN-8180-1 linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gke, linux-gkeop, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...
dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform
A flaw was found in .NET. A remote attacker could exploit this vulnerability by crafting a malicious XML document that triggers an infinite recursion within the XmlDecryptionTransform component. This could lead to a Denial of Service (DoS), making the affected system unresponsive...
dotnet: .NET: Security Bypass and Denial of Service Vulnerability
A flaw was found in .NET. A remote attacker could exploit a vulnerability related to unsafe transforms in EncryptedXml. This could lead to a Denial of Service (DoS), making the service unavailable, and a bypass of security features...