Devspaces Pluginregistry-Rhel9 vulnerabilities
16 known vulnerabilities affecting devspaces/pluginregistry-rhel9.
Total CVEs: 16
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 2, MEDIUM 8, LOW 2
Vulnerabilities
CVE-2026-40977 | MEDIUM | CVSS 4.7 | 2026-04-27
CVE-2026-40977 [MEDIUM] CWE-59 Spring Boot: Spring Boot: Local file corruption via PID file manipulation
A flaw was found in Spring Boot when an application is configured to use `ApplicationPidFileWriter`. A local attacker with write access to the PID file's location can exploit this vulnerability to corrupt one arbitrary file on the host each time the application is started. This can lead to data integrity issues or a de
redhat
CVE-2026-40970 | MEDIUM | CVSS 5.0 | 2026-04-27
CVE-2026-40970 [MEDIUM] CWE-295 Spring Boot: Spring Boot: Missing hostname verification in Elasticsearch auto-configuration allows information disclosure
A flaw was found in Spring Boot. When configured to use an SSL (Secure Sockets Layer) bundle, the Elasticsearch auto-configuration component does not perform hostname verification when establishing a connection to the Elast
redhat
CVE-2026-22753 | HIGH | CVSS 7.5 | 2026-04-22
CVE-2026-22753 [HIGH] CWE-551 Spring Security: Spring Security: Security bypass due to incorrect servlet path matching
A flaw was found in Spring Security. When an application uses specific configurations involving `securityMatchers(String)` and `PathPatternRequestMatcher.Builder` to handle servlet paths, the intended security controls may not be applied. This can result in a security bypass, where authenti
redhat
CVE-2026-22754 | HIGH | CVSS 7.5 | 2026-04-22
CVE-2026-22754 [HIGH] CWE-551 Spring Security: Spring Security: Authorization bypass due to incorrect servlet path matching
A flaw was found in Spring Security. When an application uses `` to define authorization rules, the servlet path may not be correctly included in the path matcher. This oversight can lead to an authorization bypass, allowing a remote attacker to access protected resources without
redhat
CVE-2026-22747 | MEDIUM | CVSS 6.8 | 2026-04-22
CVE-2026-22747 [MEDIUM] CWE-295 Spring Security: Spring Security: User impersonation via malformed X.509 certificate Common Name (CN) values
A flaw was found in Spring Security. This vulnerability allows a remote attacker to impersonate another user. The SubjectX500PrincipalExtractor component incorrectly handles certain malformed X.509 certificate Common Name (CN) values, which can lead
redhat
CVE-2026-22748 | MEDIUM | CVSS 5.3 | 2026-04-22
CVE-2026-22748 [MEDIUM] CWE-347 Spring Security: Spring Security: Integrity impact due to improper JSON Web Token (JWT) validation
A flaw was found in Spring Security. When an application is configured to decode JSON Web Tokens (JWTs) using `NimbusJwtDecoder` or `NimbusReactiveJwtDecoder`, it may not properly validate these tokens if an `OAuth2TokenValidator` is not explicitly configured. This ove
redhat
CVE-2026-22746 | LOW | CVSS 3.7 | 2026-04-22
CVE-2026-22746 [LOW] CWE-208 Spring Security: Spring Security: Timing attack defense bypass allows information disclosure
A flaw was found in Spring Security. If an application uses the UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked user attributes, an attacker can bypass the DaoAuthenticationProvider's timing attack defense. This bypass allows an attacker to potentially gain limite
redhat
CVE-2026-6019 | LOW | CVSS 2.1 | 2026-04-22
CVE-2026-6019 [LOW] CWE-79 python: Python: Cross-Site Scripting (XSS) vulnerability in http.cookies module
A flaw was found in Python's `http.cookies` module. The `Morsel.js_output()` function, responsible for generating JavaScript output for cookies, does not properly neutralize the `` HTML sequence. This oversight could allow a remote attacker to inject malicious script into a web page, potentially leading to Cros
redhat
CVE-2026-40895 | MEDIUM | CVSS 6.9 | 2026-04-21
CVE-2026-40895 [MEDIUM] CWE-212 follow-redirects: follow-redirects: Information disclosure via cross-domain redirects
A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redi
redhat
CVE-2026-22751 | MEDIUM | CVSS 4.8 | 2026-04-21
CVE-2026-22751 [MEDIUM] CWE-367 Spring Security: JdbcOneTimeTokenService: Spring Security: Authentication bypass due to race condition in One-Time Token login
A flaw was found in Spring Security, specifically in applications configured for One-Time Token login using JdbcOneTimeTokenService. This vulnerability is due to a Time-of-check Time-of-use (TOCTOU) race condition
redhat
CVE-2026-40477 | CRITICAL | CVSS 9.0 | 2026-04-17
CVE-2026-40477 [CRITICAL] CWE-917 thymeleaf: Thymeleaf: Server-Side Template Injection via security bypass in expression execution
Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection,
redhat
CVE-2026-40478 | CRITICAL | CVSS 9.0 | 2026-04-17
CVE-2026-40478 [CRITICAL] CWE-917 thymeleaf: Thymeleaf: Server-Side Template Injection via expression execution bypass
Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails to properl
redhat
CVE-2025-14813 | CRITICAL | CVSS 9.3 | 2026-04-15
CVE-2025-14813 [CRITICAL] CWE-327 bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The `GOSTCTR` implementation is unable to securely process more than 255 blocks of data due to keystream reuse. This issue allows an attacker to break the fundamental confidentiality of any data protected b
redhat
CVE-2026-5598 | CRITICAL | CVSS 10.0 | 2026-04-15
CVE-2026-5598 [CRITICAL] CWE-385 bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA core. A covert timing channel vulnerability, caused by non-constant time comparisons, risks the leakage of private keys in the FrodoKEM implementation. An unauthenticated, remote attacker can potentially exploit this timing discrepancy to gain unautho
redhat
CVE-2026-5588 | MEDIUM | CVSS 6.3 | 2026-04-15
CVE-2026-5588 [MEDIUM] CWE-347 bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules). This vulnerability is associated with program files JcaContentVerifi
redhat
CVE-2026-0636 | MEDIUM | CVSS 5.5 | 2026-04-15
CVE-2026-0636 [MEDIUM] CWE-90 bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The `LDAPStoreHelper` implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying crafted input, pot
redhat