Font Generator for Embedded Bitmap and Color Glyph Pipeline Robustness Testing

This Python program constructs a handcrafted TrueType font file that combines multiple font subsystems - including embedded bitmap tables, color glyph definitions, glyph mapping structures, and minimal layout metadata - into a single synthetic test artifact...

PT-2026-48618

X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, without applying Spring Security's standard account lifecycle checks disabled, locked, expired, or credentials-expired accounts. Affected versions: Spring Web...

VMware Spring Web Services 授权问题漏洞

VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. Versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services contain authorization vulnerabilities. These vulnerabilities stem from the...

Axios 代码问题漏洞

Axios is an open-source HTTP client developed by Axios, based on Promise a solution for asynchronous programming. There were code-related vulnerabilities in versions of Axios before 0.32.0 and 1.16.0. These vulnerabilities stemmed from unnormalized IPv4-to-Ipv6 address mappings, which could lead ...

PT-2026-48707

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0496 Description A code injection issue exists in the s:stepmatch function within the cucumber filetype plugin runtime/ftplugin/cucumber.vim for builds with +ruby support. Step-definition patterns read from .rb files ...

Denial of Service (DoS)

Overview org.springframework.data:spring-data-commons is a maven plugin to centralize common resources and configuration for Spring Data Maven builds. Affected versions of this package are vulnerable to Denial of Service DoS via the MappingContext property path resolution. An attacker can cause...

Server-side Request Forgery (SSRF)

Overview org.springframework.ws:spring-ws-core is a product of the Spring community focused on creating document-driven Web services. Spring Web Services aims to facilitate contract-first SOAP service development, allowing for the creation of flexible web services using one of the many ways to...

VMware Spring Data Commons 资源管理错误漏洞

VMware Spring Data Commons is a data access abstraction framework developed by VMware Corporation in the United States. There is a resource management vulnerability in VMware Spring Data Commons. This vulnerability arises when the attribute path string controlled by the attacker is passed to the...

CVE-2026-41695 Denial of Service in Spring Data Commons Property Path Resolution

Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through...

CVE-2026-41695

Spring Data Commons contains a Denial of Service risk (CVE-2026-41695) caused by resource exhaustion during property path resolution in MappingContext. Affected versions are Spring Data Commons 4.0.0–4.0.5; 3.5.0–3.5.11; 3.4.0–3.4.14. The provided documents describe the issue and affected release...

MAL-2026-5400 Malicious code in multica (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d7d3e4277fb571072315c7f64c269029cd53c78b3ff27ec5536d748c659fd6a2 Package is published at version 9999.99.99 with a description referencing an npm 404 in multica-ai/multica and a main module that recursively require...

CVE-2026-34194

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of a mapping state maintained for a sparse memory allocation. The product accidentally refers to the wrong memory due to the semantics of how math operations are implicitly scaled acro...

x86 HVM I/O port list traversal

ISSUE DESCRIPTION HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XENDOMCTLioportmapping, and hence the linked list used may changed at any time. Traversal of those lists while handling guest I/O port accesses...

CVE-2026-41855

In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.support.converter.JacksonJsonMessageConverter allow arbitrary class instantiation, which can lead to unauthorized actions via gadget class deserialization. Affect...

CVE-2026-41844

A Spring MVC or Spring WebFlux application which configures a mapping for "/" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix. Affected versions: Spring Framework 7.0.0 through...

UBUNTU-CVE-2026-41855

In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.support.converter.JacksonJsonMessageConverter allow arbitrary class instantiation, which can lead to unauthorized actions via gadget class deserialization. Affect...

CVE-2026-41844 Spring Framework Open Redirect in Spring MVC and WebFlux

A Spring MVC or Spring WebFlux application which configures a mapping for "/" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix. Affected versions: Spring Framework 7.0.0 through...

EUVD-2026-35332

A Spring MVC or Spring WebFlux application which configures a mapping for "/" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix. Affected versions: Spring Framework 7.0.0 through...

CVE-2026-41844

A Spring MVC or Spring WebFlux application which configures a mapping for "/" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix. Affected versions: Spring Framework 7.0.0 through...

CVE-2026-41844

The CVE-2026-41844 entry concerns Spring Framework components Spring MVC and Spring WebFlux. Affected are Spring Framework versions 7.0.0–7.0.7; 6.2.0–6.2.18; 6.1.0–6.1.27; and 5.3.0–5.3.48. Description: when an application configures a mapping for "/**" and the view name is not explicitly specif...