259 matches found
CVE-2026-50469
Improper link resolution before file access 'link following' in Windows Projected File System allows an authorized attacker to elevate privileges locally...
CVE-2026-50469 Windows Projected File System Elevation of Privilege Vulnerability
...
CVE-2026-50469
CVE-2026-50469 affects Windows Projected File System. The flaw is an improper link resolution before file access (link following) that enables an authenticated local attacker to elevate privileges. Documented impact is privilege escalation with a CVSS 3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H score...
Windows Projected File System Elevation of Privilege Vulnerability
Improper link resolution before file access 'link following' in Windows Projected File System allows an authorized attacker to elevate privileges locally...
CVE-2026-41721
A flaw was found in Spring Data Commons. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request when Spring Data Web Support is enabled with a Controller method using @ProjectedPayload. This can cause the application to allocate excessive memory, leading to a...
GHSA-8WCJ-MFRC-JX5Q Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container
Summary Fission builder pods were created with ServiceAccountName: fission-builder and no AutomountServiceAccountToken: false, so the kubelet auto-mounted the service-account token into every container in the pod — including the user-supplied builder image. Details The user controls the builder...
CVE-2026-42837
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-42828
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally...
Denial of Service (DoS)
Overview org.springframework.data:spring-data-commons is a maven plugin to centralize common resources and configuration for Spring Data Maven builds. Affected versions of this package are vulnerable to Denial of Service DoS in the parsing of Sort parameters. An attacker can cause a stack overflo...
Denial of Service (DoS)
Overview org.springframework.data:spring-data-commons is a maven plugin to centralize common resources and configuration for Spring Data Maven builds. Affected versions of this package are vulnerable to Denial of Service DoS via data binding. An attacker can exhaust system memory resources by...
EUVD-2026-35902
Spring Data Commons contains a vulnerability that can lead to a Denial of Service DoS condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lo...
CVE-2026-41721
Spring Data Commons contains a vulnerability that can lead to a Denial of Service DoS condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lo...
VMware Spring Data Commons 资源管理错误漏洞
VMware Spring Data Commons is a data access abstraction framework developed by VMware Corporation in the United States. Vulnerabilities exist in versions 4.0.0 and earlier, as well as versions 3.5.0 and earlier, 3.4.0 and earlier, 3.3.0 and earlier, 3.2.0 and earlier, 3.1.0 and earlier, 3.0.0 and...
CVE-2026-41721 Spring Data Commons Denial of Service via Data Binding
Spring Data Commons contains a vulnerability that can lead to a Denial of Service DoS condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lo...
CVE-2026-41721 Spring Data Commons Denial of Service via Data Binding
Spring Data Commons contains a vulnerability that can lead to a Denial of Service DoS condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lo...
CVE-2026-41721
Spring Data Commons vulnerability (CVE-2026-41721) can cause a Denial of Service when Spring Data Web Support is enabled and a controller uses @ProjectedPayload; a specially crafted HTTP request may cause excessive memory allocation. Affected versions include Spring Data Commons 4.0.0–4.0.5; 3.5....
CVE-2026-41721 Spring Data Commons Denial of Service via Data Binding
Spring Data Commons contains a vulnerability that can lead to a Denial of Service DoS condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lo...
EUVD-2026-35533
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-42837
Out-of-bounds read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-42828
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally...