| 601 | 5.3 | MEDIUM | Network | - | - | Applications which accept user-supplied Spring Expression Language (SpEL) expressions may be vulnerable to a Denial of Service (DoS) attack if the evaluation of a SpEL expression triggers unbounded c… | New | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-41851 | 2026-06-9 22:49 | 2026-06-9 |
| 602 | 3.7 | LOW | Network | - | - | A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker t… | New | CWE-863 Incorrect Authorization | CVE-2026-41852 | 2026-06-9 22:49 | 2026-06-9 |
| 603 | 5.3 | MEDIUM | Network | - | - | Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 … | New | CWE-444 HTTP Request Smuggling | CVE-2026-41853 | 2026-06-9 22:49 | 2026-06-9 |
| 604 | 4.2 | MEDIUM | Network | - | - | Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery (SSRF) attack. A… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-41854 | 2026-06-9 22:49 | 2026-06-9 |
| 605 | 8.1 | HIGH | Network | - | - | In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.support.converter.JacksonJsonMessageConverter allow arbitrary cl… | New | CWE-502 Deserialization of Untrusted Data | CVE-2026-41855 | 2026-06-9 22:49 | 2026-06-9 |
| 606 | - | | | - | - | A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to bypass security mechanisms or… | New | CWE-79 Cross-site Scripting | CVE-2026-41539 | 2026-06-9 22:49 | 2026-06-9 |
| 607 | - | | | - | - | A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to mod… | New | CWE-121 Stack-based Buffer Overflow | CVE-2025-62858 | 2026-06-9 22:49 | 2026-06-9 |
| 608 | - | | | - | - | An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have … | New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-44083 | 2026-06-9 22:49 | 2026-06-9 |
| 609 | 6.1 | MEDIUM | Adjacent | - | - | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All version… | New | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2025-40808 | 2026-06-9 22:49 | 2026-06-9 |
| 610 | 7.1 | HIGH | Local | - | - | A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), S… | New | CWE-313 Cleartext Storage in a File or on Disk | CVE-2026-24349 | 2026-06-9 22:49 | 2026-06-9 |