Common Vulnerabilities and Exposures (CVE)

CVE-2026-40967

Apr 29, 2026 03:55:36 UTC

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate it into a specific vector store's query language. In several cases, keys and values are not properly escaped, leading to the abilit...

CVE-2026-40978

Apr 29, 2026 03:55:35 UTC

SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)
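The two Spring AI entries above describe the same defect class in two places: a document ID or a filter key/value is spliced into a vector-store query string without escaping. The block below is an added example, not Spring AI or Cosmos DB SDK code. The ID lookup targets Cosmos DB's SQL dialect, which accepts @name parameters so the values never enter the query text at all; the filter converter works on a hypothetical list of (key, op, value) conditions and shows the alternative when the target language offers no parameters: whitelist the key, type the value, and escape string literals (using the backslash escape syntax of Cosmos DB string literals). The sample IDs and conditions are constructed.

```python
"""
Added example, not Spring AI code: two ways of placing untrusted values in
a vector-store query. The ID lookup targets Cosmos DB's SQL dialect, which
accepts @name parameters so the values never enter the query text. The
filter converter works on a hypothetical list of (key, op, value) conditions
and shows the escaping the FilterExpressionConverter advisory implies:
whitelist the key, type the value, escape string literals.
"""
import re

_KEY_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")   # metadata keys we allow
_OPS = {"=", "!=", "<", "<=", ">", ">="}


def build_id_query_unsafe(ids):
    """Vulnerable pattern: document IDs interpolated into the query text."""
    quoted = ", ".join(f"'{doc_id}'" for doc_id in ids)
    return f"SELECT * FROM c WHERE c.id IN ({quoted})"


def build_id_query_safe(ids):
    """Hardened pattern: one @param per ID; values are sent as parameters,
    the shape the Cosmos DB SDKs accept alongside the query string."""
    names = [f"@id{n}" for n in range(len(ids))]
    query = f"SELECT * FROM c WHERE c.id IN ({', '.join(names)})"
    params = [{"name": n, "value": v} for n, v in zip(names, ids)]
    return query, params


def _literal(value):
    """Render a filter value as a typed Cosmos SQL literal."""
    if isinstance(value, bool):            # bool first: it is a subclass of int
        return "true" if value else "false"
    if isinstance(value, (int, float)):
        return repr(value)
    if isinstance(value, str):
        # Cosmos DB string literals use backslash escapes, so the backslash
        # itself must be escaped before the quote is.
        return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"
    raise TypeError(f"unsupported filter value: {value!r}")


def convert_filter(conditions):
    """Translate [(key, op, value), ...] to an AND-joined WHERE fragment.

    Keys are validated against a whitelist regex rather than escaped, since
    an identifier position has no quoting to hide behind; operators come
    from a fixed set; values go through _literal()."""
    parts = []
    for key, op, value in conditions:
        if not _KEY_RE.match(key):
            raise ValueError(f"illegal metadata key: {key!r}")
        if op not in _OPS:
            raise ValueError(f"unsupported operator: {op!r}")
        parts.append(f"c.metadata.{key} {op} {_literal(value)}")
    return " AND ".join(parts)


def filter_accepted(conditions):
    """True if convert_filter() accepts the conditions (demo/test helper)."""
    try:
        convert_filter(conditions)
        return True
    except (ValueError, TypeError):
        return False


if __name__ == "__main__":
    evil_id = "x') OR 1=1 --"          # constructed malicious document ID
    print(build_id_query_unsafe(["doc-1", evil_id]))
    print(build_id_query_safe(["doc-1", evil_id]))
    print(convert_filter([("country", "=", "BG"), ("year", ">", 2020)]))
    print(convert_filter([("genre", "=", "x' OR 1=1 --")]))
    print(filter_accepted([("genre OR 1=1 --", "=", "x")]))
```

Run it and compare the two ID queries: the unsafe one carries `OR 1=1 --` inside the query text, the safe one carries only `@id0, @id1` and ships the raw value as a parameter. Note that the key whitelist is deliberately the stronger of the two controls; a key lands in identifier position, where no amount of value escaping helps.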

CVE-2026-40473

Apr 29, 2026 03:55:34 UTC

The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a T...

CVE-2026-40048

Apr 29, 2026 03:55:33 UTC

The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of `<keyId>.key` files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast...

CVE-2026-32202

Apr 29, 2026 03:55:31 UTC

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-12543

Apr 29, 2026 03:55:30 UTC

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing ...

CVE-2025-9900

Apr 29, 2026 03:55:29 UTC

A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an att...

CVE-2025-48734

Apr 29, 2026 03:55:27 UTC

Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the cla...

CVE-2024-1708

Apr 29, 2026 03:55:27 UTC

ConnectWise ScreenConnect 23.9.7 and prior are affected by a path-traversal vulnerability, which may allow an attacker to execute remote code or directly impact confidential data or critical systems.
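The entry above names the bug class only, so the following is an added example of the general defence, not ConnectWise code and not a description of the ScreenConnect flaw. It confines a client-supplied relative path to a base directory by comparing resolved real paths, which catches `..`, percent-encoded dots, and symlinks that point outside the base with one check. The base directory, file and symlink are created in a temporary directory for the demo; `MAX`-style limits, the `PathTraversal` class and the sample request paths are all constructed here.

```python
"""
Added example, not ConnectWise code: confining a client-supplied path to a
base directory. The comparison is made on resolved real paths, so "..",
repeated separators and symlinks pointing outside the base all fail the
same test. Everything under demo() is constructed for the example.
"""
import os
import tempfile
from urllib.parse import unquote


class PathTraversal(ValueError):
    """Raised when a request path would resolve outside the base directory."""


def resolve_under(base: str, request_path: str) -> str:
    """Return the absolute path for request_path, which must stay inside base."""
    base_real = os.path.realpath(base)
    # Decode exactly once: "%2e%2e" must not survive to the join, while a
    # double-encoded "%252e" stays a literal "%2e" and is harmless.
    decoded = unquote(request_path)
    # NUL truncates C-string paths; backslash is a separator on Windows and
    # has no business in a web path on any platform.
    if "\x00" in decoded or "\\" in decoded:
        raise PathTraversal(f"illegal character in path: {request_path!r}")
    if os.path.isabs(decoded) or os.path.splitdrive(decoded)[0]:
        raise PathTraversal(f"absolute path not allowed: {request_path!r}")
    candidate = os.path.realpath(os.path.join(base_real, decoded))
    # commonpath, not startswith: "/srv/www" must not accept "/srv/www2/x".
    try:
        inside = os.path.commonpath([base_real, candidate]) == base_real
    except ValueError:          # different drives on Windows
        inside = False
    if not inside:
        raise PathTraversal(f"path escapes base directory: {request_path!r}")
    return candidate


def demo() -> dict:
    """Exercise resolve_under() against constructed inputs; returns outcomes."""
    base = tempfile.mkdtemp()
    outside = tempfile.mkdtemp()
    os.makedirs(os.path.join(base, "pub"))
    with open(os.path.join(base, "pub", "index.html"), "w") as fh:
        fh.write("ok")
    # A symlink inside the tree that points outside it.
    os.symlink(outside, os.path.join(base, "pub", "link"))
    attempts = {
        "normal": "pub/index.html",
        "dotdot": "../../etc/passwd",
        "encoded": "%2e%2e/%2e%2e/etc/passwd",
        "hidden_dotdot": "pub/../../../../etc/passwd",
        "symlink": "pub/link/secret",
        "absolute": "/etc/passwd",
        "nul": "pub/index.html\x00.png",
    }
    results = {}
    for label, path in attempts.items():
        try:
            resolved = resolve_under(base, path)
            results[label] = os.path.relpath(resolved, os.path.realpath(base))
        except PathTraversal:
            results[label] = "rejected"
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:14} {outcome}")
```

Only the `normal` request resolves; every other constructed path is refused before any file is opened. Because `realpath` follows symlinks, the check also covers the case a plain lexical normaliser misses: a link created inside the tree that points out of it.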

CVE-2026-23773

Apr 29, 2026 03:54:49 UTC

Dell Disk Library for Mainframe, versions DLm 8700/2700, contains a Server-Side Request Forgery (SSRF) vulnerability. A low-privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side reque...

CVE-2026-35155

Apr 29, 2026 03:50:56 UTC

Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low-privileged attacker to gain elevated access.

CVE-2026-40560

Apr 29, 2026 03:04:48 UTC

Starman versions before 0.4018 for Perl allow HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per ...

CVE-2025-54505

Apr 29, 2026 03:04:47 UTC

A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor unit, potentially resulting in loss of confidentiality.

CVE-2026-42615

Apr 29, 2026 02:56:14 UTC

GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /#recipe=Show_Base64_offsets('%3Cscript substring.

CVE-2026-0918

Apr 29, 2026 00:05:42 UTC

The Tapo C100 v5, C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing th...
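Three of the entries above fail at the same stage of request handling: Undertow (CVE-2025-12543) does not validate the Host header, Starman (CVE-2026-40560) lets Content-Length outrank Transfer-Encoding, and the Tapo cameras (CVE-2026-0918) act on an oversized Content-Length before checking whether the allocation succeeded. The block below is an added example, written in Python for illustration and not taken from Undertow, Starman or the Tapo firmware. It is a strict parser for an HTTP/1.1 request head that requires exactly one well-formed Host header, applies the RFC 9112 rule that Transfer-Encoding takes precedence over Content-Length (and, rather than reconciling the two, refuses a request carrying both), and bounds Content-Length before any body buffer would be sized. `MAX_BODY`, the header-name token regex and the sample requests are constructed for the demo.

```python
"""Added example, not Undertow, Starman or Tapo firmware code: a strict
parser for an HTTP/1.1 request head that (1) requires exactly one
well-formed Host header, (2) applies the RFC 9112 rule that
Transfer-Encoding outranks Content-Length, rejecting a request that carries
both, and (3) bounds Content-Length before any body buffer is sized.
MAX_BODY and the sample requests are constructed for the demo."""
import re

MAX_BODY = 1 << 20  # constructed limit: refuse bodies over 1 MiB up front
_TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")  # RFC 9110 token
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_HOST_RE = re.compile(  # reg-name or bracketed IPv6 literal, optional port
    rf"^(?:(?P<name>{_LABEL}(?:\.{_LABEL})*\.?)|\[(?P<v6>[0-9A-Fa-f:.]+)\])"
    r"(?::(?P<port>[0-9]{1,5}))?$")


class RequestError(ValueError):
    """Any request the server should answer with 400 and then close."""


def _parse_headers(lines):
    headers = {}
    for line in lines:
        name, colon, value = line.partition(":")
        # Whitespace around a field name is how smuggling payloads get one
        # parser to honour a header that another one ignores: reject it.
        if not colon or not _TOKEN_RE.match(name):
            raise RequestError(f"malformed header line: {line!r}")
        headers.setdefault(name.lower(), []).append(value.strip(" \t"))
    return headers


def _check_host(headers):
    hosts = headers.get("host", [])
    if len(hosts) != 1:
        raise RequestError("exactly one Host header is required")
    m = _HOST_RE.match(hosts[0])
    if not m or (m.group("port") and int(m.group("port")) > 65535):
        raise RequestError(f"invalid Host: {hosts[0]!r}")
    return hosts[0]


def _check_framing(headers):
    te, cl = headers.get("transfer-encoding"), headers.get("content-length")
    if te and cl:  # TE would win; refusing avoids the desync altogether
        raise RequestError("Transfer-Encoding and Content-Length both present")
    if te:
        codings = [c.strip().lower() for v in te for c in v.split(",")]
        if codings[-1] != "chunked" or codings.count("chunked") != 1:
            raise RequestError(f"unsupported Transfer-Encoding: {codings}")
        return ("chunked", None)
    if cl:
        values = {v.strip() for h in cl for v in h.split(",")}  # "5, 5" is ok
        if len(values) != 1 or not next(iter(values)).isdigit():
            raise RequestError(f"bad Content-Length: {cl}")
        length = int(values.pop())
        if length > MAX_BODY:  # bound it before anything is allocated
            raise RequestError(f"Content-Length {length} exceeds MAX_BODY")
        return ("content-length", length)
    return ("none", 0)


def parse_request_head(raw: bytes) -> dict:
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise RequestError("incomplete request head")
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        raise RequestError("non-ASCII byte in request head") from None
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[2] != "HTTP/1.1" or not _TOKEN_RE.match(parts[0]):
        raise RequestError(f"bad request line: {lines[0]!r}")
    headers = _parse_headers(lines[1:])
    return {"method": parts[0], "target": parts[1], "host": _check_host(headers),
            "framing": _check_framing(headers), "body": rest}


def rejects(raw: bytes) -> bool:
    try:
        parse_request_head(raw)
        return False
    except RequestError:
        return True


# Constructed sample requests.
GOOD = b"POST /search HTTP/1.1\r\nHost: example.com:8080\r\nContent-Length: 5\r\n\r\nhello"
SMUGGLE = (b"POST / HTTP/1.1\r\nHost: example.com\r\nContent-Length: 6\r\n"
           b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\nGET /admin HTTP/1.1\r\n")
BAD_HOST = b"GET / HTTP/1.1\r\nHost: attacker.example/..;\r\n\r\n"
TWO_HOSTS = b"GET / HTTP/1.1\r\nHost: a.example\r\nHost: b.example\r\n\r\n"
HUGE = b"POST / HTTP/1.1\r\nHost: cam.local\r\nContent-Length: 4294967295\r\n\r\n"
SPACED = b"POST / HTTP/1.1\r\nHost: a.example\r\nContent-Length : 5\r\n\r\nhello"

if __name__ == "__main__":
    print(parse_request_head(GOOD))
    for label, req in [("SMUGGLE", SMUGGLE), ("BAD_HOST", BAD_HOST),
                       ("TWO_HOSTS", TWO_HOSTS), ("HUGE", HUGE), ("SPACED", SPACED)]:
        print(label, "rejected" if rejects(req) else "ACCEPTED")
```

The `SMUGGLE` sample is the classic CL.TE shape: a front end that honours Content-Length forwards six bytes, a back end that honours Transfer-Encoding sees a terminating chunk followed by a second request line. Refusing the pair, as this parser does, is stricter than the RFC minimum but removes the ambiguity entirely; a server that must accept such requests has to honour Transfer-Encoding and drop Content-Length, never the reverse.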