Threats Tagged 'cve-2026-40973'
View all threats tagged with 'cve-2026-40973'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-40973'
Click on any threat for detailed analysis and mitigation recommendations
Red Hat Security Advisory: Red Hat build of Quarkus 3.20.6.SP1 security updateCVE-2025-14813 0 This release of Red Hat build of Quarkus 3.20.6.SP1 includes the following CVE fixes: * quarkus-vertx-http: io.quarkus:quarkus-vertx-http: Authorization bypass via semicolons in HTTP requests [quarkus-3.20] (CVE-2026-39852) * bcprov-jdk18on: GOSTCTR implementation unable to process more than 255 blocks correctly [quarkus-3.20] (CVE-2025-14813) * bcpkix-jdk18on: PKIX draft CompositeVerifier accepts empty signature sequence as valid [quarkus-3.20] (CVE-2026-5588) * bcprov-jdk18on: LDAP injection vulnerability in LDAPStoreHelper.java [quarkus-3.20] (CVE-2026-0636) For more information, see the release notes page listed in the References section. Join the discussion | GCVE Database | 05/05/2026, 03:47:27 UTC Added: 05/26/2026, 20:58:00 UTC |
Red Hat Security Advisory: General availability of the satellite/iop-advisor-frontend-rhel9 container imageCVE-2025-13465 0 Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services, and configuration settings. When you install Red Hat Lightspeed in Satellite locally, you can generate Red Hat Lightspeed recommendations without sending system data to Red Hat services. Join the discussion | GCVE Database | 05/07/2026, 15:45:54 UTC Added: 05/26/2026, 20:57:57 UTC |
CVE-2026-40973: CWE-377: Insecure Temporary File in Spring Spring BootCVE-2026-40973 0 A local attacker on the same host as the application may be able to take control of the directory used by `ApplicationTemp`. When `server.servlet.session.persistent` is set to `true` and the attack persists across application restarts, this may allow the attacker to read session information and hijack authenticated users or deploy a gadget chain and execute code as the application's user. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); predictable temp directory / `ApplicationTemp` ownership verification. Versions that are no longer supported are also affected per vendor advisory. Join the discussion | CVE Database V5 | 04/27/2026, 23:29:51 UTC Added: 04/28/2026, 01:54:22 UTC |
Showing 1 to 3 of 3 results