org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC4), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC4) +3 more potentially affected by CVE-2026-40981 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0-M1 <=5.0.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0-M1, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-40981 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-16439020...

org.springframework.cloud:spring-cloud-gateway-docs (>=4.1.3 <=4.1.7), org.springframework.cloud:spring-cloud-starter-gateway-mvc (>=4.1.0 <=4.1.7) potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server-mvc (>=4.1.0 <=4.1.7)

org.springframework.cloud:spring-cloud-gateway-server-mvc MAVEN version =4.1.0, =4.1.3, =4.1.0, =4.1.7 Source cves: CVE-2025-41235 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-10265482...

Pulse Secure VPN Remote Code Execution Exploit

The Pulse Connect Secure appliance versions prior to 9.1R9 suffer from an uncontrolled gzip extraction vulnerability which allows an attacker to overwrite arbitrary files, resulting in remote code execution as root. Admin credentials are required for successful exploitation...