|
421
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handle_dht_get (network-libp2p/…
New
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2026-44505
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
422
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl.
Aff…
New
|
CWE-284
Improper Access Control
|
CVE-2026-41837
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
423
|
8.1 |
HIGH
Network
|
-
|
-
|
JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Additionally, an empty trusted-…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-41732
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
424
|
8.1 |
HIGH
Network
|
-
|
-
|
JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its s…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-41731
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
425
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients.
Affected versions:
Spring Data REST 3.7.…
New
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2026-41730
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
426
|
8.1 |
HIGH
Network
|
-
|
-
|
Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-type…
New
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-41729
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
427
|
7.5 |
HIGH
Network
|
-
|
-
|
Spring Data REST's JSON Patch (application/json-patch+json) implementation does not apply the write-access filter to intermediate path segments when resolving a multi-segment JSON Pointer.
Affected …
New
|
CWE-284
Improper Access Control
|
CVE-2026-41728
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
428
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retry_topic-attempts header …
New
|
CWE-20
Improper Input Validation
|
CVE-2026-41727
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
429
|
6.5 |
MEDIUM
Network
|
-
|
-
|
When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, ev…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-41726
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
430
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-41721
|
2026-06-10 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
