21 matches found
Spring Framework - Path Traversal
Spring Framework MVC applications deployed as WAR or with embedded Servlet containers that do not reject suspicious URI sequences and serve static resources with Spring resource handling contain a path traversal vulnerability, letting attackers access unauthorized files, exploit requires...
ROOT-APP-MAVEN-CVE-2025-41242 CVE-2025-41242 in io.root.org.springframework:spring-webmvc - Patched by Root
Root has patched CVE-2025-41242 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available...
Security Bulletin: A security vulnerability has been identified in IBM StreamSets Data Collector
Summary A security vulnerability CVE-2025-41242 has been addressed in IBM StreamSets Data Collector version 7.1.0 Vulnerability Details CVEID:CVE-2025-41242 DESCRIPTION: Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servle...
Security Bulletin: IBM Terracotta affected by Spring Framework vulnerabilities CVE-2022-22965, CVE-2022-22970, CVE-2025-41242
Summary Spring Framework vulnerabilities CVE-2022-22965, CVE-2022-22970, CVE-2025-41242 are addressed in the IBM Terracotta product Vulnerability Details CVEID:CVE-2022-22965 DESCRIPTION: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) vi...
Security Bulletin: IBM Controller is vulnerable to a Path Traversal vulnerability
Summary IBM Controller has addressed a Path Traversal vulnerability present in Spring Framework MVC applications Vulnerability Details CVEID:CVE-2025-41242 DESCRIPTION: Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Path Traversal Vulnerability in Spring Framework [CVE-2025-41242]
Summary IBM Watson Speech Services Cartridge is vulnerable to a Path Traversal Vulnerability in Spring Framework when deployed on a non-compliant Servlet container CVE-2025-41242. Spring Framework is used as part of our Java microservices. This vulnerability has been addressed. Please read the...
Security Bulletin: Path traversal vulnerability affect IBM Business Automation Workflow - CVE-2025-41242
Summary IBM Business Automation Workflow packages a vulnerable version of spring. Vulnerability Details CVEID:CVE-2025-41242 DESCRIPTION: Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can ...
Security Bulletin: IBM OpenPages for Cloud Pak for Data is Vulnerable to Multiple Spring Framework Vulnerabilities (CVE-2025-41249,CVE-2025-41242)
Summary IBM OpenPages for Cloud Pak for Data is Vulnerable to Multiple Spring Framework Vulnerabilities. These vulnerabilities were remediated. Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on...
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Spring Framework MVC applications can be vulnerable to Traversal Vulnerability.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Spring Framework MVC applications can be vulnerable to Traversal Vulnerability. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-41242 DESCRIPTION:...
Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to CVEs.
Summary IBM Maximo Application Suite uses spring-beans-6.2.9.jar, spring-context-6.1.14.jar, flask-3.1.0-py3-none-any.whl, kafka-clients-3.9.0.jar, cxf-core-3.6.7.jar, urllib3-1.26.20-py2.py3-none-any.whl, postgresql-42.7.5.jar, requests-2.32.3-py3-none-any.whl,commons-beanutils-1.9.4.jar which i...
VMware Spring Framework <= 5.3.43, 6.0.0 - 6.0.29, 6.1.0 - 6.1.21, 6.2.0 - 6.2.9 Path Traversal Vulnerability - Linux
The VMware Spring Framework is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2025-41242 vulnerabilities
Vulnerabilities for packages: thingsboard, apache-activemq-fips, apache-nifi-registry, apache-activemq...
This Week in Spring - August 19th, 2025
Hi, Spring fans! Welcome to another extra special installment of This Week in Spring - special because the next installment will be delivered from the floors of the Venetian where the extraordinarily awesome SpringOne 2025 event will take place! So, some poetry: T’was the Week Before SpringOne...
ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.4.0) +4607 more potentially affected by CVE-2025-41242 via org.springframework:spring-webmvc (>=6.1.0 <=6.1.21)
org.springframework:spring-webmvc MAVEN version =6.1.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.5.0, =cloud-0.1, =cloud-0.2.1 and more Source cves: CVE-2025-41242 Source advisory: OSV:GHSA-R936-GWX5-V52F...
be.dnsbelgium:rdap-server (>=4.0.0 <=4.0.3), be.personify.iam:personify-api (>=1.5.0.RELEASE <=1.5.2.RELEASE) +2807 more potentially affected by CVE-2025-41242 via org.springframework:spring-webmvc (>=6.0.0 <=6.0.23)
org.springframework:spring-webmvc MAVEN version =6.0.0, =4.0.0, =1.5.0.RELEASE, =1.5.1.RELEASE, =1.5.0.RELEASE, =2.1.0.RELEASE, =3.0.0, =2.10.0, =2.10.0, =2.10.0, =2.10.0, =2.10.0, =3.4.0 and more Source cves: CVE-2025-41242 Source advisory...
ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0), ai.timefold.solver:spring-boot-integration-test (>=1.17.0 <=1.18.0) +2038 more potentially affected by CVE-2025-41242 via org.springframework:spring-webmvc (>=6.2.0 <=6.2.1)
org.springframework:spring-webmvc MAVEN version =6.2.0, =0.5.0, =1.17.0, =0.0.1, =1.1.9, =1.1.9, =1.1.9, =1.1.9, =2.3.0, =2.3.0, =2.3.0, =2.3.1 - ch.ralscha:extdirectspring =2.1.0 - city.hiperium:functions-parent-pom =1.1.0 - cloud.gatekeeperid:gatekeeper-spring-boot-starter =0.1.1 -...
africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-codes-api (>=1.1.0 <=1.2.0) +10765 more potentially affected by CVE-2025-41242 via org.springframework:spring-webmvc (>=5.3.0 <=5.3.4)
org.springframework:spring-webmvc MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.2, =1.4.2, =1.6.6, =1.6.6.1 - ai.platon:distributed-lock-example =1.4.2 and more Source cves: CVE-2025-41242 Source advisory: OSV:GHSA-R936-GWX5-V52F...
CVE-2025-41242
Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true: the application is deployed as a WAR or with an embedded Servlet container the Servlet...
MAL-2025-41242 Malicious code in zzcnativeapi (npm)
The package zzcnativeapi was found to contain malicious code...
CVE-2025-41242
creationtimestamp| type| source
---|---|---
2025-08-14 08:38:13+00:00| seen| https://bsky.app/profile/snicoll.be/post/3lwdwst27bc2s
2025-08-15 02:23:07+00:00| seen| https://bsky.app/profile/pmloik.bsky.social/post/3lwfscvrt7h2d
2025-08-18 12:17:46+00:00| seen|...