Security Advisories (formerly Vulnerability Notices)

Blog Articles

SA-2026-019 - Hibernate Validator EL Interpolation Code Injection (CVE-2025-35036)

Summary Hibernate Validator, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to ac...

SA-2025-074 - Apache Commons FileUpload DoS (CVE-2025-48976)

Summary Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. Products Potentially Affected OS/Product Exposure ExtremeA...

SA-2025-119 - Linux VMSCAPE Guest-Initiated Memory Leak (CVE-2025-40300)

Summary The Linux kernel’s x86 virtualization code (“VMSCAPE”) allows a guest VM to exploit insufficient branch‐predictor isolation between the guest and a userspace hypervisor (such as QEMU). Produ...