🚨 CVE-2026-45588
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
🎖@cveNotify
🚨 CVE-2026-45592
Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.
🎖@cveNotify
🚨 CVE-2026-45593
Use after free in Windows SDK allows an authorized attacker to elevate privileges locally.
🎖@cveNotify
🚨 CVE-2026-41848
Applications may be vulnerable to a Regular Expression Denial of Service (ReDoS) attack if an attacker is able to provide a pattern which is then directly or indirectly supplied to one of the following methods in AntPathMatcher: match(String pattern, String path), matchStart(String pattern, String path), extractUriTemplateVariables(String pattern, String path).
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
🎖@cveNotify
CVE-2026-41848: Spring Framework Denial of Service via AntPathMatcher
🚨 CVE-2026-41852
A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
🎖@cveNotify
CVE-2026-41852: Spring Framework Arbitrary Method Invocation in SpEL Expressions
🚨 CVE-2026-42986
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
🎖@cveNotify
🚨 CVE-2026-42987
Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.
🎖@cveNotify
🚨 CVE-2026-42989
Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
🎖@cveNotify
🚨 CVE-2026-42991
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
🎖@cveNotify
🚨 CVE-2026-41844
A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
🎖@cveNotify
CVE-2026-41844: Spring Framework Open Redirect in Spring MVC and WebFlux
🚨 CVE-2026-41845
Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape() may lead to JavaScript code injection in the browser, potentially resulting in a cross-site scripting (XSS) vulnerability.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
🎖@cveNotify
CVE-2026-41845: Spring Framework Cross-site Scripting via JavaScriptUtils
🚨 CVE-2026-41846
Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting (XSS) vulnerability.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
🎖@cveNotify
CVE-2026-41846: Spring Framework Cross-site Scripting via JSP Form Tags
🚨 CVE-2026-41847
Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL.
Affected versions:
Spring Framework 5.3.0 through 5.3.48.
🎖@cveNotify
CVE-2026-41847: Spring Framework Security Filter Bypass in WebFlux Kotlin Router DSL
🚨 CVE-2026-42903
Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.
🎖@cveNotify
🚨 CVE-2026-42904
Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
🎖@cveNotify
🚨 CVE-2026-41006
Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JSON and UBER media type deserializers, performs bean property binding via reflection without consulting Jackson access-control annotations.
Affected versions:
Spring HATEOAS 1.5.0 through 1.5.6; 2.3.0 through 2.3.4; 2.4.0 through 2.4.1; 2.5.0 through 2.5.2; 3.0.0 through 3.0.3.
🎖@cveNotify
CVE-2026-41006: Spring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configuration
🚨 CVE-2026-41007
Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attacker-supplied strings.
Affected versions:
Spring HATEOAS 1.5.0 through 1.5.6; 2.3.0 through 2.3.4; 2.4.0 through 2.4.1; 2.5.0 through 2.5.2; 3.0.0 through 3.0.3.
🎖@cveNotify
CVE-2026-41007: Spring HATEOAS heap exhaustion through unbounded internal caching
🚨 CVE-2026-41838
IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
🎖@cveNotify
CVE-2026-41838: Spring Framework Predictable Session ID in WebSocket Module
🚨 CVE-2026-40409
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
🎖@cveNotify
🚨 CVE-2026-41092
Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.
🎖@cveNotify
🚨 CVE-2026-41108
Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.
🎖@cveNotify