VYPR

apk package

chainguard/kafbat-ui-fips

pkg:apk/chainguard/kafbat-ui-fips

Vulnerabilities (26)

  • CVE-2026-22735 (Low, Mar 20, 2026)
    affected: < 1.4.2-r5; fixed: 1.4.2-r5

    Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.

  • CVE-2026-22732 (Critical, Mar 19, 2026)
    affected: < 1.4.2-r5; fixed: 1.4.2-r5

    When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy (default) writing of HTTP Headers: from 5.7.0

  • CVE-2025-33042 (Feb 13, 2026)
    affected: < 1.4.2-r2; fixed: 1.4.2-r2

    Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrad

  • CVE-2026-1225 (Low, Jan 22, 2026)
    affected: < 1.4.2-r2; fixed: 1.4.2-r2

    ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instanti

  • CVE-2025-66566 (High, Dec 5, 2025)
    affected: < 1.5.0-r0; fixed: 1.5.0-r0

    yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the

  • CVE-2025-12183 (High, Nov 28, 2025)
    affected: < 1.5.0-r0; fixed: 1.5.0-r0

    Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.

Page 2 of 2