|
4291
|
7.8 |
HIGH
Local
|
-
|
-
|
A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client_info.json inside a collection ZIP is inse…
|
CWE-74
CWE-94
CWE-116
Injection
Code Injection
Improper Encoding or Escaping of Output
|
CVE-2026-8795
|
2026-06-9 22:49 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4292
|
7.5 |
HIGH
Network
|
-
|
-
|
In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service (DoS) condition.
Affected versions:
Micrometer 1.16.0 through 1.16.5; 1.15.0 th…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-40983
|
2026-06-9 22:49 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4293
|
7.5 |
HIGH
Network
|
-
|
-
|
In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
Affected versions:
micrometer-core 1.16.0 through 1.16.5; 1.15…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-40984
|
2026-06-9 22:49 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4294
|
5.9 |
MEDIUM
Network
|
-
|
-
|
An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects an…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-41710
|
2026-06-9 22:49 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4295
|
6.1 |
MEDIUM
Network
|
-
|
-
|
In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been e…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-41715
|
2026-06-9 22:49 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4296
|
7.4 |
HIGH
Network
|
-
|
-
|
Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password.
Affected versions:
Spring LDAP 2.4.0 …
|
CWE-287
Improper Authentication
|
CVE-2026-41720
|
2026-06-9 22:49 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4297
|
4.2 |
MEDIUM
Network
|
-
|
-
|
A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) is vulnerable to an escalation attack exchanging a known session ID for that of an authent…
|
CWE-384
Session Fixation
|
CVE-2026-41839
|
2026-06-9 22:49 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4298
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-41840
|
2026-06-9 22:49 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4299
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6…
|
CWE-524
Use of Cache Containing Sensitive Information
|
CVE-2026-41841
|
2026-06-9 22:49 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4300
|
7.5 |
HIGH
Network
|
-
|
-
|
Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static resources.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-41842
|
2026-06-9 22:49 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
