🚨 CVE-2026-41852
A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
🎖@cveNotify
CVE-2026-41852: Spring Framework Arbitrary Method Invocation in SpEL Expressions
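A defensive check a practitioner can apply regardless of which Spring version is deployed, written here as an added example (it is not Spring Framework code and not the fix from the advisory): walk the parsed SpEL AST and refuse any expression that contains a method, constructor or type reference before it is handed to a read-only `SimpleEvaluationContext`. The guard lives at parse time, so it does not depend on the evaluation context enforcing its own restrictions. The `Order` class is a constructed sample root object.

```java
import org.springframework.expression.spel.SpelNode;
import org.springframework.expression.spel.ast.ConstructorReference;
import org.springframework.expression.spel.ast.MethodReference;
import org.springframework.expression.spel.ast.TypeReference;
import org.springframework.expression.spel.standard.SpelExpression;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;

// Added example, not Spring Framework code. Rejects an expression at parse time
// if its AST contains any node that invokes code, so the guard does not rely on
// the evaluation context honouring its own restrictions.
public final class SpelInvocationGuard {

    private static final SpelExpressionParser PARSER = new SpelExpressionParser();

    private SpelInvocationGuard() {
    }

    // True if node or any descendant is a method call, constructor call or T() reference.
    static boolean invokesCode(SpelNode node) {
        if (node instanceof MethodReference
                || node instanceof ConstructorReference
                || node instanceof TypeReference) {
            return true;
        }
        for (int i = 0; i < node.getChildCount(); i++) {
            if (invokesCode(node.getChild(i))) {
                return true;
            }
        }
        return false;
    }

    // Evaluates a data-binding expression against root, refusing anything that invokes code.
    public static Object evaluateReadOnly(String expressionString, Object root) {
        SpelExpression expression = PARSER.parseRaw(expressionString);
        if (invokesCode(expression.getAST())) {
            throw new IllegalArgumentException(
                    "expression invokes code and was rejected: " + expressionString);
        }
        SimpleEvaluationContext context = SimpleEvaluationContext.forReadOnlyDataBinding().build();
        return expression.getValue(context, root);
    }

    // Constructed sample root object (hypothetical) for the demonstration.
    public static final class Order {
        public String getCustomer() {
            return "alice";
        }

        public void cancel() {
            throw new IllegalStateException("cancel() must never be reachable from an expression");
        }
    }

    public static void main(String[] args) {
        Order order = new Order();
        // Plain property access is still evaluated through the read-only context.
        System.out.println(evaluateReadOnly("customer", order));
        try {
            // A zero-argument call is refused before evaluation, whatever the context does.
            evaluateReadOnly("cancel()", order);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The check is coarse by design: it refuses every expression that names a method, constructor or type, including ones a read-only context would legitimately allow. Where the application needs method calls, the right place to allow them is an explicit `MethodResolver` registered on the context, not a looser AST filter.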
🚨 CVE-2026-42986
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
🚨 CVE-2026-42987
Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.
🚨 CVE-2026-42989
Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
🚨 CVE-2026-42991
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
🚨 CVE-2026-41844
A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
CVE-2026-41844: Spring Framework Open Redirect in Spring MVC and WebFlux
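The affected configuration shape beside the corrected one, as an added example (this is not the advisory's code or a Spring sample): a catch-all view controller that leaves the view name implicit lets the request decide which view is rendered; naming the view removes that choice. The view-name allowlist on the resolver is defence in depth that is independent of the framework version. The view name `index`, the JSP location and the `error/*` pattern are assumptions for the demonstration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.ViewResolver;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.view.InternalResourceViewResolver;

// Added example, not the advisory's code. View names and the JSP location are
// assumptions for the demonstration.
@Configuration
@EnableWebMvc
public class CatchAllViewConfig implements WebMvcConfigurer {

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        // Affected shape: no view name, so the view is derived from the request,
        // which is what lets a crafted request reach a "redirect:" view.
        // registry.addViewController("/**");

        // Corrected shape: every request matched by the catch-all renders one named view.
        registry.addViewController("/**").setViewName("index");
    }

    @Bean
    public ViewResolver viewResolver() {
        InternalResourceViewResolver resolver = new InternalResourceViewResolver();
        resolver.setPrefix("/WEB-INF/views/");
        resolver.setSuffix(".jsp");
        // Defence in depth: this resolver only handles the listed view names.
        // Any other name, including one starting with "redirect:", is not
        // resolved by it (canHandle() is checked before the prefix is examined).
        resolver.setViewNames("index", "error/*");
        return resolver;
    }
}
```

Note that `setRedirectHosts()` on the same resolver is not a substitute for the allowlist: it only decides which hosts count as the application's own for URL encoding purposes and does not block redirects to other hosts.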
🚨 CVE-2026-41845
Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape() may lead to JavaScript code injection in the browser, potentially resulting in a cross-site scripting (XSS) vulnerability.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
CVE-2026-41845: Spring Framework Cross-site Scripting via JavaScriptUtils
🚨 CVE-2026-41846
Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting (XSS) vulnerability.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
CVE-2026-41846: Spring Framework Cross-site Scripting via JSP Form Tags
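One block serving both the `JavaScriptUtils.javaScriptEscape()` entry (CVE-2026-41845) and the JSP form-tag entry (CVE-2026-41846), as an added example that is not Spring Framework code. It shows two practices that do not depend on the escaping behaviour of the affected utility: embedding server-side data in the page as JSON inside a `<script type="application/json">` element (read back with `JSON.parse()`), and allowlisting a CSS class name before it ever reaches `cssClass`, `cssErrorClass` or `cssStyle`. The identifier pattern and the sample values in `main` are constructed for the demonstration.

```java
import java.util.Collections;
import java.util.regex.Pattern;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;

// Added example, not Spring Framework code. Two helpers: embed data as JSON
// rather than as a JavaScript string literal, and allowlist CSS class names
// before they reach a JSP form tag attribute.
public final class PageDataEmbedding {

    private static final ObjectMapper MAPPER = new ObjectMapper();

    // Shape of the class names the application's stylesheet defines (assumed).
    private static final Pattern CSS_IDENT = Pattern.compile("[A-Za-z_][A-Za-z0-9_-]{0,63}");

    private PageDataEmbedding() {
    }

    // Serialises value as JSON and rewrites the characters that could close a
    // script element or break a JS parser, using JSON unicode escapes so the
    // result remains valid JSON for JSON.parse() in the browser.
    public static String toEmbeddableJson(Object value) throws JsonProcessingException {
        String json = MAPPER.writeValueAsString(value);
        StringBuilder out = new StringBuilder(json.length() + 16);
        for (int i = 0; i < json.length(); i++) {
            char c = json.charAt(i);
            switch (c) {
                case '<':
                    out.append("\\u003c");
                    break;
                case '>':
                    out.append("\\u003e");
                    break;
                case '&':
                    out.append("\\u0026");
                    break;
                case '\u2028':
                    out.append("\\u2028");
                    break;
                case '\u2029':
                    out.append("\\u2029");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    // Returns requested only if it is a plain CSS identifier; otherwise fallback.
    // Call this in the controller and pass the result to the tag, never the raw input.
    public static String cssClassOrDefault(String requested, String fallback) {
        if (requested != null && CSS_IDENT.matcher(requested).matches()) {
            return requested;
        }
        return fallback;
    }

    public static void main(String[] args) throws JsonProcessingException {
        // Constructed sample inputs: a script-closing payload and an attribute-breaking payload.
        System.out.println(toEmbeddableJson(
                Collections.singletonMap("name", "</script><script>alert(1)</script>")));
        System.out.println(cssClassOrDefault("form-control\" onmouseover=\"alert(1)", "form-control"));
    }
}
```

In the JSP, the JSON goes into `<script type="application/json" id="page-data">...</script>` and is read with `JSON.parse(document.getElementById("page-data").textContent)`; the `\u003c` rewrite is what keeps an embedded `</script>` from ending the element early. For the form tags, the controller passes `cssClassOrDefault(...)` into the model so the tag attribute only ever sees a value that matched the allowlist.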
🚨 CVE-2026-41847
Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL.
Affected versions:
Spring Framework 5.3.0 through 5.3.48.
CVE-2026-41847: Spring Framework Security Filter Bypass in WebFlux Kotlin Router DSL
🚨 CVE-2026-42903
Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.
🚨 CVE-2026-42904
Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
🚨 CVE-2026-41006
Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JSON and UBER media type deserializers, performs bean property binding via reflection without consulting Jackson access-control annotations.
Affected versions:
Spring HATEOAS 1.5.0 through 1.5.6; 2.3.0 through 2.3.4; 2.4.0 through 2.4.1; 2.5.0 through 2.5.2; 3.0.0 through 3.0.3.
CVE-2026-41006: Spring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configuration
🚨 CVE-2026-41007
Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attacker-supplied strings.
Affected versions:
Spring HATEOAS 1.5.0 through 1.5.6; 2.3.0 through 2.3.4; 2.4.0 through 2.4.1; 2.5.0 through 2.5.2; 3.0.0 through 3.0.3.
CVE-2026-41007: Spring HATEOAS heap exhaustion through unbounded internal caching
🚨 CVE-2026-41838
IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which an attacker may be able to exploit in combination with inadequate authorization rules.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
CVE-2026-41838: Spring Framework Predictable Session ID in WebSocket Module
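The advisory's qualifier, "in combination with inadequate authorization rules", is the actionable part for an application that cannot upgrade immediately: authorization on the STOMP inbound channel should rest on the authenticated `Principal` and the destination, never on a session ID staying secret. The interceptor below is an added example (not Spring Framework code) of such a rule; it is registered with `registration.interceptors(new DestinationAuthorizationInterceptor())` inside `WebSocketMessageBrokerConfigurer#configureClientInboundChannel`. The destination prefixes are assumptions for the demonstration.

```java
import java.security.Principal;

import org.springframework.messaging.Message;
import org.springframework.messaging.MessageChannel;
import org.springframework.messaging.MessageDeliveryException;
import org.springframework.messaging.simp.stomp.StompCommand;
import org.springframework.messaging.simp.stomp.StompHeaderAccessor;
import org.springframework.messaging.support.ChannelInterceptor;
import org.springframework.messaging.support.MessageHeaderAccessor;

// Added example, not Spring Framework code. Authorises STOMP frames on the client
// inbound channel by authenticated Principal and destination, never by session ID.
// The destination prefixes are assumptions for the demonstration.
public class DestinationAuthorizationInterceptor implements ChannelInterceptor {

    @Override
    public Message<?> preSend(Message<?> message, MessageChannel channel) {
        StompHeaderAccessor accessor =
                MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class);
        if (accessor == null || accessor.getCommand() == null) {
            return message; // not a STOMP frame (for example a heartbeat)
        }
        StompCommand command = accessor.getCommand();
        if (command == StompCommand.SUBSCRIBE || command == StompCommand.SEND) {
            if (!isAllowed(command, accessor.getUser(), accessor.getDestination())) {
                // Throwing from preSend aborts the frame before it reaches the broker.
                throw new MessageDeliveryException(message,
                        "destination not permitted: " + accessor.getDestination());
            }
        }
        return message;
    }

    // Anonymous clients get nothing. Authenticated clients may read public topics
    // and their own user queue, which Spring resolves per session on the server
    // side from the "/user/" prefix, and may send to application destinations.
    // A direct subscription to "/queue/..." is refused, so a client that guessed
    // another session's ID cannot subscribe to that session's resolved user queue
    // (which carries the session ID in its name) by spelling it out.
    static boolean isAllowed(StompCommand command, Principal user, String destination) {
        if (user == null || destination == null) {
            return false;
        }
        if (command == StompCommand.SUBSCRIBE) {
            return destination.startsWith("/topic/public/")
                    || destination.startsWith("/user/queue/");
        }
        return destination.startsWith("/app/");
    }
}
```

The same rule can be expressed with Spring Security's messaging support (`simpSubscribeDestMatchers`, `simpDestMatchers`); the point either way is that nothing about who may read a destination is derived from the WebSocket session ID.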
🚨 CVE-2026-40409
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
🚨 CVE-2026-41092
Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally.
🚨 CVE-2026-41108
Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.
🚨 CVE-2026-6973
An improper input validation flaw in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution.
🚨 CVE-2026-44810
Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.
🚨 CVE-2026-44815
Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.
🚨 CVE-2026-34691
Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, potentially gaining elevated access or control over the victim's account or session. Scope is changed.
Security updates available for Adobe Experience Manager (AEM) Forms | APSB26-57