108 matches found
CVE-2026-44516
Valtimo is an open-source business process automation platform. From 12.4.0 to 12.33.0 and 13.26.0, the LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and response headers...
CVE-2026-44516 Valtimo: Sensitive data exposure through HTTP request/response logging in LoggingRestClientCustomizer
Valtimo is an open-source business process automation platform. From 12.4.0 to 12.33.0 and 13.26.0, the LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and response headers...
CVE-2026-44516
Valtimo (versions 12.4.0–12.33.0 and 13.26.0) contains a vulnerability in the web module where the LoggingRestClientCustomizer intercepts outgoing HTTP calls via Spring RestClient and logs full request/response bodies and headers. When errors occur, this data can appear in HttpClientErrorExceptio...
CVE-2026-41050 Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering
Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their GitRepo...
Valtimo has sensitive data exposure through HTTP request/response logging in LoggingRestClientCustomizer
Summary: The LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and response headers. When an error response is received, this information is included in the thrown...
MAL-2026-1823 Malicious code in proleis-rest-client (npm)
Source: amazon-inspector 85952294cce10a5f7f25e077525b1d985ea33ce37974d44535fc894f5fcec749 The package proleis-rest-client was found to contain malicious code...
Malicious code in proleis-rest-client (npm)
Source: amazon-inspector 85952294cce10a5f7f25e077525b1d985ea33ce37974d44535fc894f5fcec749 The package proleis-rest-client was found to contain malicious code...
com.digitalpebble.stormcrawler:storm-crawler-opensearch (=2.11), com.erudika:para-search-elasticsearch (>=1.41.1 <=1.41.3) +103 more potentially affected by CVE-2025-9624 via org.opensearch:opensearch-common (>=2.10.0 <=2.19.3)
org.opensearch:opensearch-common MAVEN version =2.10.0, =1.41.1, =1.0.0-TEST, =3.0.7, =0.1.3, =0.1.3, =0.1.3, =0.1.2, =0.1.2, =0.1.2, =1.2.3, =1.2.3, =1.2.3, =4.0.0.0, =4.0.5.2 and more Source cves: CVE-2025-9624 Source advisory: OSV:GHSA-MW3V-MMFW-3X2G https://vulners.com/o...
org.apache.causeway.extensions:causeway-extensions-audittrail-applib (=4.0.0-M1), org.apache.causeway.extensions:causeway-extensions-audittrail-persistence-jpa (=4.0.0-M1) +18 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-core-runtimeservices (=4.0.0-M1)
org.apache.causeway.core:causeway-core-runtimeservices MAVEN version =4.0.0-M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-core-runtimeservices and may be impacted: -...
EUVD-2018-0360
Malware in sbrugna...
EUVD-2019-0614
Malware in sbrugna...
EUVD-2017-0275
Malware in sbrugna...
EUVD-2023-1200
Malicious code in bioql PyPI...
Malicious code in link-rest-client (npm)
The package link-rest-client was found to contain malicious code...
MAL-2025-25397 Malicious code in link-rest-client (npm)
The package link-rest-client was found to contain malicious code...
com.itextpdf:bouncy-castle-fips-adapter (>=9.0.0 <=9.5.0), org.apache.camel.springboot:camel-opensearch-starter (=4.12.0) +13 more potentially affected by CVE-2025-8885 via org.bouncycastle:bc-fips (=2.0.0)
org.bouncycastle:bc-fips MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.bouncycastle:bc-fips and may be impacted: - com.itextpdf:bouncy-castle-fips-adapter =9.0.0, =3.22.0, =26.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0,...
Exposure of Resource to Wrong Sphere
Overview: Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere via the duplicated context process. An attacker can access sensitive data from another transaction by triggering the duplication of an already duplicated context. Note: Duplicating a duplicated conte...
org.webjars.bowergithub.advanced-rest-client:code-mirror (=2.0.1), org.webjars.bowergithub.angular-ui:ui-codemirror (>=0.1.6 <=0.3.0) potentially affected by CVE-2025-6493 via org.webjars.bowergithub.components:codemirror (>=4.13.0 <=5.65.12)
org.webjars.bowergithub.components:codemirror MAVEN version =4.13.0, =0.1.6, =0.3.0 Source cves: CVE-2025-6493 Source advisory: SNYK:JAVA-ORGWEBJARSBOWERGITHUBCOMPONENTS-10494093...