Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22471
Total
1617
Critical
6868
High
7196
Medium
CVE ID Severity Score Description Published
CVE-2026-46411 MEDIUM 6.5 FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their … Jun 10, 2026
CVE-2026-45782 UNKNOWN Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the … Jun 10, 2026
CVE-2026-44716 HIGH 7.5 Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability … Jun 10, 2026
CVE-2026-44505 MEDIUM 5.3 Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handle_dht_get (network-libp2p/src/swarm.rs). … Jun 10, 2026
CVE-2026-41837 MEDIUM 5.3 Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl. … Jun 10, 2026
CVE-2026-41732 HIGH 8.1 JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Additionally, an empty … Jun 10, 2026
CVE-2026-41731 HIGH 8.1 JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its … Jun 10, 2026
CVE-2026-41730 MEDIUM 5.3 Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients. Affected versions: Spring Data … Jun 10, 2026
CVE-2026-41729 HIGH 8.1 Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-typed … Jun 10, 2026
CVE-2026-41728 HIGH 7.5 Spring Data REST's JSON Patch (application/json-patch+json) implementation does not apply the write-access filter to intermediate path segments when resolving a multi-segment JSON Pointer. Affected versions: … Jun 10, 2026
CVE-2026-41727 MEDIUM 6.5 Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted … Jun 10, 2026
CVE-2026-41726 MEDIUM 6.5 When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually … Jun 10, 2026
CVE-2026-41721 MEDIUM 5.9 Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction … Jun 10, 2026
CVE-2026-41719 MEDIUM 6.4 A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates … Jun 10, 2026
CVE-2026-41717 HIGH 8.1 Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is … Jun 10, 2026
CVE-2026-41716 HIGH 7.5 Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests. Affected versions: Spring Data Commons … Jun 10, 2026
CVE-2026-41714 MEDIUM 4.0 Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri("amqps://...") without also calling setUseSSL(true) get TLS encryption with no certificate validation and no hostname verification. Affected versions: … Jun 10, 2026
CVE-2026-41711 MEDIUM 5.9 Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters. Affected versions: … Jun 10, 2026
CVE-2026-41706 MEDIUM 6.1 Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination … Jun 10, 2026
CVE-2026-41701 MEDIUM 4.4 Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to internal simple counter. Affected versions: Spring AMQP 4.0.0 through … Jun 10, 2026
CVE-2026-41697 MEDIUM 4.8 Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher (STARTING, ENDING, or CONTAINING) in Query By Example (QBE). An … Jun 10, 2026
CVE-2026-41696 MEDIUM 5.9 Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply … Jun 10, 2026
CVE-2026-41695 HIGH 7.5 Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path … Jun 10, 2026
CVE-2026-41694 LOW 3.7 Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able … Jun 10, 2026
CVE-2026-41008 MEDIUM 6.1 Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter. An attacker can craft a malicious authorization request containing an invalid request_uri … Jun 10, 2026