377 matches found
RHSA-2026:28046 Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (golang-uber-multierr) security update
Bulletin has no description...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (golang-uber-multierr) security update
An update for golang-uber-multierr is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
CVE-2026-41006
Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JSON and UBER media type deserializers, performs bean property binding via reflection without consulting Jackson access-control annotations. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3...
CVE-2026-41006 Spring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configuration
Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JSON and UBER media type deserializers, performs bean property binding via reflection without consulting Jackson access-control annotations. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3...
CVE-2026-41006
Spring HATEOAS contains a deserialization vulnerability where internal PropertyUtils.createObjectFromProperties binds bean properties via reflection without honoring Jackson access-control annotations. This affects multiple supported branches: 1.5.x, 2.3.x, 2.4.x, 2.5.x, and 3.0.x up to 3.0.3. Th...
CVE-2026-41006 Spring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configuration
Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JSON and UBER media type deserializers, performs bean property binding via reflection without consulting Jackson access-control annotations. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3...
PT-2026-47644
Name of the Vulnerable Software and Affected Versions Spring HATEOAS versions 1.5.0 through 1.5.6 Spring HATEOAS versions 2.3.0 through 2.3.4 Spring HATEOAS versions 2.4.0 through 2.4.1 Spring HATEOAS versions 2.5.0 through 2.5.2 Spring HATEOAS versions 3.0.0 through 3.0.3 Description The interna...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via reflective property binding in PropertyUtils.createObjectFromProperties. An attacker can modify security-sensitive object properties by supplying crafted...
ADR: An Agentic Detection System for Enterprise Agentic AI Security
We present the Agentic AI Detection and Response ADR system, the first large-scale, production-proven enterprise framework for securing AI agents operating through the Model Context Protocol MCP. We identify three persistent challenges in this domain: 1 limited observability -- existing Endpoint...
CVE-2026-28099
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup UberSlider Ultra uberSliderultra allows Reflected XSS.This issue affects UberSlider Ultra: from n/a through = 2.3...
CVE-2026-28101
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup UberSlider MouseInteraction uberSlidermouseinteraction allows Reflected XSS.This issue affects UberSlider MouseInteraction: from n/a through = 2.3...
CVE-2026-28100
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup UberSlider PerpetuumMobile uberSliderperpetuummobile allows Reflected XSS.This issue affects UberSlider PerpetuumMobile: from n/a through = 2.3...
PT-2026-23375
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup UberSlider PerpetuumMobile uberSlider perpetuummobile allows Reflected XSS.This issue affects UberSlider PerpetuumMobile: from n/a through = 2.3...
PT-2026-23377
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup UberSlider Classic uberSlider classic allows Reflected XSS.This issue affects UberSlider Classic: from n/a through = 2.5...
Malicious code in uber-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb767de450fdafc6d2aa88f77a1f0a95188ddb866565c91258711f3434ce561e The package uber-ui was found to contain malicious code. Source: ossf-package-analysis 9706819391825d94f76cf6530978ae5e88f3a58ccc386090ef6523825393fb...
EUVD-2025-198557
Malicious code in uber-ui npm...
MAL-2025-190616 Malicious code in uber-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb767de450fdafc6d2aa88f77a1f0a95188ddb866565c91258711f3434ce561e The package uber-ui was found to contain malicious code. Source: ossf-package-analysis 9706819391825d94f76cf6530978ae5e88f3a58ccc386090ef6523825393fb...
EUVD-2007-0127
Malware in sbrugna...
EUVD-2014-5653
Malware in sbrugna...
EUVD-2007-6640
Malware in sbrugna...