ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0), ai.telosforge:kimaira-starter-dms (>=1.2.4 <=1.2.6) +5089 more potentially affected by CVE-2026-22741 via org.springframework:spring-webmvc (>=6.2.0 <=6.2.17)

org.springframework:spring-webmvc MAVEN version =6.2.0, =0.5.0, =1.2.4, =1.2.4, =1.17.0, =0.3.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.8.1 and more Source cves: CVE-2026-22741 Source advisory: OSV:GHSA-WG35-8JPF-2XV3...

io.github.wwwlike:vlife-boot-starter-web (>=1.0.4 <=1.0.7), io.github.wwwlike:vlife-core (>=1.0.4 <=1.0.7) +2 more potentially affected by CVE-2025-13266 via io.github.wwwlike:vlife-base (>=1.0.4 <=1.0.7)

io.github.wwwlike:vlife-base MAVEN version =1.0.4, =1.0.4, =1.0.4, =1.0.4, =1.0.2, =1.0.7 Source cves: CVE-2025-13266 Source advisory: OSV:GHSA-CG6M-9276-QPJJ...

Memory corruption

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....

Vulnerability fixed in VMware Tanzu Spring Framework

VMWare Tanzu has fixed a vulnerability in Spring Framework. An unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service on an application running in the framework. The prerequisite for successful exploitation is that the application uses of the...