Lucene search

16 matches found

Vulnrichment
added 3 days ago · 3 views

CVE-2026-41853 Spring Framework Multipart Request Smuggling in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.3 CVSS · 5.5 AI score · 0.00029 EPSS
Exploits 0 · References 1

EUVD
added 3 days ago · 6 views

EUVD-2026-35327

Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.9 CVSS · 5.4 AI score · 0.00049 EPSS
Exploits 0 · References 1

Github Security Blog
added 2026/03/20 12:31 a.m. · 4 views

Spring MVC and WebFlux has Server Sent Event stream corruption

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...

2.6 CVSS · 5.8 AI score · 0.00092 EPSS
Exploits 0 · References 3 · Affected Software 2

Debian CVE
added 2026/03/19 11:37 p.m. · 2 views

CVE-2026-22735

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...

2.6 CVSS · 4.7 AI score · 0.00092 EPSS
Exploits 0

vulnersOsv
added 2025/10/16 3:30 p.m. · 5 views

at.aimon.ops:aimon-ops-api (>=0.0.1 <=0.0.2), cc.allio.uno:uno-starter-websocket (>=1.1.9 <=1.2.1) +704 more potentially affected by CVE-2025-41254 via org.springframework:spring-websocket (>=6.2.0 <=6.2.11)

org.springframework:spring-websocket MAVEN version =6.2.0, =0.0.1, =1.1.9, =1.1.9, =3.5.5.3, =3.4.0.0, =3.4.0.0, =3.5.5.3, =1.0.0, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.5 and more Source cves: CVE-2025-41254 Source advisory: OSV:GHSA-7FCH-4F2F-JCGM...

4.3 CVSS · 7.4 AI score · 0.00062 EPSS
Exploits 0

Patchstack
added 2025/08/27 7:4 p.m. · 3 views

WordPress PDF for Elementor Forms + Drag And Drop Template Builder Plugin <= 6.2.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by zaim in WordPress Plugin PDF for Elementor Forms + Drag And Drop Template Builder versions <= 6.2.0...

6.5 CVSS · 6 AI score · 0.00047 EPSS
Exploits 0 · Affected Software 1

OSV
added 2025/06/03 8:15 p.m. · 6 views

DEBIAN-CVE-2025-35036

Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as ...

7.3 CVSS · 8.1 AI score · 0.01693 EPSS
Exploits 10 · References 1

RedhatCVE
added 2025/05/23 6:1 a.m. · 3 views

CVE-2023-28517

IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4 CVSS · 6.1 AI score · 0.00071 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/12/04 12:0 a.m. · 4 views

PT-2024-17437 · WordPress · Dollie Hub – Build Your Own Wordpress Cloud Platform

Name of the Vulnerable Software and Affected Versions: Dollie Hub – Build Your Own WordPress Cloud Platform plugin for WordPress versions up to, and including, 6.2.0 Description: The issue concerns insufficient restrictions on which posts can be included via the elementor-template shortcode. This...

4.3 CVSS · 7.1 AI score · 0.0021 EPSS
Exploits 0 · References 6

CNNVD
added 2024/05/15 12:0 a.m. · 2 views

TIBCO Software Hawk Security Vulnerability

TIBCO Software Hawk is a software product from TIBCO Software that allows monitoring and management of distributed computing applications. A security vulnerability exists in TIBCO Software Hawk version 6.2.0, 6.2.1, 6.2.2, and 6.2.3, which stems from a password disclosure vulnerability...

6.5 CVSS · 6.9 AI score · 0.00124 EPSS
Exploits 0 · References 2

Positive Technologies
added 2021/04/06 12:0 a.m. · 3 views

PT-2021-18635

Name of the Vulnerable Software and Affected Versions Sidekiq versions 5.1.3 and earlier Sidekiq versions 6.x through 6.2.0 Description The issue allows for XSS via the queue name of the live-poll feature, specifically when Internet Explorer is used. Recommendations For Sidekiq versions 5.1.3 and...

7.5 CVSS · 6.7 AI score · 0.139 EPSS
Exploits 2 · References 505

OSV
added 2020/06/01 7:15 p.m. · 4 views

CVE-2019-15709

An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI...

6.5 CVSS · 6.6 AI score · 0.00564 EPSS
Exploits 0 · References 1

OSV
added 2018/02/27 8:29 p.m. · 1 views

DEBIAN-CVE-2017-5660

There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used...

8.6 CVSS · 8 AI score · 0.02584 EPSS
Exploits 0 · References 1

Typo3
added 2016/07/19 12:0 a.m. · 488 views

Insecure Unserialize in TYPO3 Import/Export

It has been discovered, that TYPO3 is susceptible to Insecure Unserialize. Component Type: TYPO3 CMS Release Date: July 19, 2016 Vulnerable subcomponent: Import/Export Vulnerability Type: Insecure Unserialize Affected Versions: Versions 6.2.0 to 6.2.25, 7.6.0 to 7.6.9 and 8.0.0 to 8.2.0 Severity:...

6.9 AI score
Exploits 0 · Affected Software 1

Typo3
added 2016/04/12 12:0 a.m. · 15 views

Authentication Bypass in TYPO3 CMS

It has been discovered, that TYPO3 CMS is vulnerable to Authentication Bypass. Component Type: TYPO3 CMS Release Date: April 12, 2016 Vulnerable subcomponent: Authentication Vulnerability Type: Authentication Bypass Affected Versions: Versions 6.2.0 to 6.2.19, 7.6.0 to 7.6.4 and 8.0.0 Severity:...

7.3 AI score
Exploits 0 · Affected Software 1

Typo3
added 2016/02/23 12:0 a.m. · 21 views

Cross-Site Scripting in TYPO3 component CSS styled content

It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting. Component Type: TYPO3 CMS Release Date: February 23, 2016 Vulnerable subcomponent: CSS styled content Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.18 and 7.6.0 to 7.6.3 Severity: Medium...

6.9 AI score
Exploits 0 · Affected Software 1