CVE-2026-8730

A flaw has been found in Open5GS up to 2.7.6. This impacts the function ogssbinfinstancesetid in the library /lib/sbi/context.c of the component NRF. Executing a manipulation of the argument nfInstanceId can lead to denial of service. The attack may be performed from remote. The exploit has been...

ch.admin.bit.jeap:jeap-spring-boot-config-starter (>=17.16.0 <=18.5.0), ch.sbb:spring-cloud-stream-binder-solace (>=4.0.0 <=7.4.5) +901 more potentially affected by CVE-2026-40989 via org.springframework.cloud:spring-cloud-function-context (>=4.0.0 <=4.3.2)

org.springframework.cloud:spring-cloud-function-context MAVEN version =4.0.0, =17.16.0, =4.0.0, =1.0.0, =1.0.1, =0.14.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0-RC2 and more Source cves: CVE-2026-40989 Source advisory:...

ch.sbb:spring-cloud-stream-binder-solace (>=8.0.0 <=9.0.2), cn.herodotus.dante:dante-authentication-autoconfigure (>=4.0.0.0-M2 <=4.0.0.0-M3) +157 more potentially affected by CVE-2026-40990 via org.springframework.cloud:spring-cloud-function-context (>=5.0.0-M1 <=5.0.1)

org.springframework.cloud:spring-cloud-function-context MAVEN version =5.0.0-M1, =8.0.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =1.0.0, =1.0.0, =2.0.0-RC1, =8.0.4 and more S...

ch.admin.bit.jeap:jeap-spring-boot-config-starter (>=17.16.0 <=18.5.0), ch.sbb:spring-cloud-stream-binder-solace (>=4.0.0 <=7.4.5) +901 more potentially affected by CVE-2026-40990 via org.springframework.cloud:spring-cloud-function-context (>=4.0.0 <=4.3.2)

org.springframework.cloud:spring-cloud-function-context MAVEN version =4.0.0, =17.16.0, =4.0.0, =1.0.0, =1.0.1, =0.14.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0-RC2 and more Source cves: CVE-2026-40990 Source advisory:...

ch.sbb:spring-cloud-stream-binder-solace (>=8.0.0 <=9.0.2), cn.herodotus.dante:dante-authentication-autoconfigure (>=4.0.0.0-M2 <=4.0.0.0-M3) +157 more potentially affected by CVE-2026-40989 via org.springframework.cloud:spring-cloud-function-context (>=5.0.0-M1 <=5.0.1)

org.springframework.cloud:spring-cloud-function-context MAVEN version =5.0.0-M1, =8.0.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =1.0.0, =1.0.0, =2.0.0-RC1, =8.0.4 and more S...

Cross-site Scripting (XSS)

Overview telejson is an A library for teleporting rich data to another place. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the parse function. An attacker can execute arbitrary JavaScript code in the new Function context by supplying a crafted JSON payload...

CVE-2025-71008

A segmentation violation in the oneflow.oneflowinternal.autograd.Function.FunctionCtx.marknondifferentiable component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-71008

A segmentation violation in the oneflow.oneflowinternal.autograd.Function.FunctionCtx.marknondifferentiable component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-71008

CVE-2025-71008 describes a segmentation fault in OneFlow v0.9.0 within the internal autograd path (FunctionCtx.mark_non_differentiable). The issue can be triggered by crafted input to cause a Denial of Service. Affected component: oneflow._oneflow_internal.autograd.Function.FunctionCtx.mark_non_d...

EUVD-2025-206539

A segmentation violation in the oneflow.oneflowinternal.autograd.Function.FunctionCtx.marknondifferentiable component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-71008

A segmentation violation in the oneflow.oneflowinternal.autograd.Function.FunctionCtx.marknondifferentiable component of OneFlow v0.9.0 allows attackers to cause a Denial of Service DoS via a crafted input...

Oneflow security vulnerabilities

Oneflow is an open-source deep learning framework developed by Oneflow. Version 0.9.0 of Oneflow contains a security vulnerability. This vulnerability stems from a segmentation violation in the oneflow.oneflowinternal.autograd.Function.FunctionCtx.marknondifferentiable component, which could lead...

ch.sbb:spring-cloud-stream-binder-solace (>=4.0.0 <=4.0.1), cn.herodotus.engine:message-kafka-spring-boot-starter (>=3.2.0.0 <=3.3.0.2) +441 more potentially affected by CVE-2024-22271 via org.springframework.cloud:spring-cloud-function-context (>=4.1.0 <=4.1.1)

org.springframework.cloud:spring-cloud-function-context MAVEN version =4.1.0, =4.0.0, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =3.3.0.0, =2023.0.0.0-RC1, =2023.0.0.0-RC1, =5.8.0, =5.8.0, =5.8.0, =5.13...

city.smartb.cccev:api-commons-jvm (>=0.14.0 <=0.15.0-RC2), city.smartb.cccev:cccev-certification-api (>=0.15.0 <=0.15.0-RC2) +397 more potentially affected by CVE-2024-22271 via org.springframework.cloud:spring-cloud-function-context (>=4.0.0 <=4.0.6)

org.springframework.cloud:spring-cloud-function-context MAVEN version =4.0.0, =0.14.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0-RC2 and more Source cves: CVE-2024-22271 Source advisory:...

Denial Of Service (DoS)

spring-cloud-function-context is denial of service. An attacker who directly interacts with framework can send malicious payload to the lookup function, triggering a caching issue in Function Catalog component of the framework and crashing the application...

city.smartb.f2:f2-spring-boot-starter-function (>=0.2.2 <=0.6.0), city.smartb.f2:f2-spring-boot-starter-function-http (>=0.2.2 <=0.6.0) +412 more potentially affected by CVE-2022-22963 via org.springframework.cloud:spring-cloud-function-context (>=3.2.0 <=3.2.2)

org.springframework.cloud:spring-cloud-function-context MAVEN version =3.2.0, =0.2.2, =0.2.2, =0.2.2, =0.2.0, =0.2.0, =0.2.0, =0.5.0, =0.2.0, =0.2.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.6.0 and more Source cves: CVE-2022-22963 Source advisory: OSV:GHSA-6V73-FGF6-W5J7...

Remote Code Execution

spring-cloud-function-context is vulnerable to remote code execution. The routing functionality allows a user to provide a malicious SpEL as a routing-expression which would allow arbitrary OS commands to be executed remotely...

CVE-2017-11698

Heap-based buffer overflow in the getpage function in lib/dbm/src/hpage.c in Mozilla Network Security Services NSS allows context-dependent attackers to have unspecified impact using a crafted cert8.db file...

CVE-2015-8789

Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document...