Lucene search
+L

37 matches found

OSV
OSV
added 6 days ago19 views

ROOT-APP-MAVEN-CVE-2026-22732 CVE-2026-22732 in io.root.org.springframework.security:spring-security-web - Patched by Root

Root has patched CVE-2026-22732 in the io.root.org.springframework.security:spring-security-web package for Root:Maven. Multiple fixed versions available...

9.1CVSS5.8AI score0.0048EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 4:9 p.m.10 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in spring-security-web (CVE-2026-22732)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-22732 reported for spring-security-web-6.4.12.jar. Vulnerability Details CVEID:CVE-2026-22732 DESCRIPTION: When applications specify HTTP response headers for servlet applications using Spring Security, there is the...

9.1CVSS7.3AI score0.0048EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 9:3 a.m.16 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to issues in Spring

Summary There are vulnerabilities in Spring used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs CVE-2026-22732, CVE-2026-22735, CVE-2026-22737. Vulnerability Details CVEID:CVE-2026-22737 DESCRIPTION: Use of...

9.1CVSS6AI score0.0048EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/27 7:43 a.m.16 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary Maximo AI Service uses nltk-3.9.1-py3-none-any.whl, mlflow-3.1.0-py3-none-any.whl, and spring-security-web-6.5.7.jar, which are vulnerable to CVE-2025-14009, CVE-2026-2635, CVE-2026-0848, and CVE-2026-22732. This bulletin contains information regarding how to address the vulnerabilities...

10CVSS9.8AI score0.00968EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/17 1:12 p.m.7 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of Spring Security

Summary Due to use of Spring Security, DevOps Test Performance and Rational Performance Tester contain a vulnerability that can potentially result in clickjacking, XSS, and sensitive data exposure via caching. CVE-2026-22732 Vulnerability Details CVEID:CVE-2026-22732 DESCRIPTION: When application...

9.1CVSS5.7AI score0.0048EPSS
Exploits2Affected Software1
GithubExploit
GithubExploit
added 2026/04/07 5:31 p.m.134 views

Exploit for CVE-2026-22732

CVE-2026-22732 Demo Minimal reproduction of CVE-2026-22732...

9.1CVSS6AI score0.0048EPSS
Exploits2
Snyk
Snyk
added 2026/03/20 12:40 a.m.8 views

Use of Cache Containing Sensitive Information

Overview org.springframework.security:spring-security-web is a package within Spring Security that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the process of writing HTTP response heade...

9.3CVSS5.9AI score0.0048EPSS
Exploits2References2
vulnersOsv
vulnersOsv
added 2026/03/20 12:40 a.m.9 views

be.appify.prefab:prefab-security (>=0.2.0 <=0.7.5), cn.herodotus.dante:dante-authentication-autoconfigure (>=4.0.0.0-M2 <=4.0.0.0-M3) +786 more potentially affected by CVE-2026-22732 via org.springframework.security:spring-security-web (>=7.0.0-M1 <=7.0.3)

org.springframework.security:spring-security-web MAVEN version =7.0.0-M1, =0.2.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =1.28.1, =7.0.0, =7.1.0 and more Source cves: CVE-2026-22732 Source...

9.1CVSS7.7AI score0.0048EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2026/03/20 12:40 a.m.7 views

africa.absa:inception-oauth2-resource-server (>=1.0.0 <=1.2.0), ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0) +10162 more potentially affected by CVE-2026-22732 via org.springframework.security:spring-security-web (>=3.2.8.RELEASE <=6.5.8)

org.springframework.security:spring-security-web MAVEN version =3.2.8.RELEASE, =1.0.0, =4.4.0.0, =0.1.8, =0.1.6, =0.1.2, =0.5.0, =cloud-0.1, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515,...

9.1CVSS7.5AI score0.0048EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2026/03/20 12:31 a.m.8 views

africa.absa:inception-oauth2-resource-server (>=1.0.0 <=1.2.0), ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0) +7472 more potentially affected by CVE-2026-22732 via org.springframework.security:spring-security-web (>=3.0.0.RELEASE <=5.7.14)

org.springframework.security:spring-security-web MAVEN version =3.0.0.RELEASE, =1.0.0, =4.4.0.0, =0.1.8, =0.1.6, =0.1.2, =0.5.0, =j8.2.4.0, =j8.2.4.0, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.3, =1.1.0.RELEASE, =0.3, =0.6 and more Source cves: CVE-2026-22732 Source advisory: OSV:GHSA-MF92-479X-3373...

9.1CVSS7.5AI score0.0048EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2026/03/20 12:31 a.m.8 views

br.com.consultdg:database-module (>=1.0.1 <=1.0.10), cn.herodotus.engine:oauth2-authorization-server-autoconfigure (>=3.4.0.0 <=3.4.0.1) +1068 more potentially affected by CVE-2026-22732 via org.springframework.security:spring-security-web (>=6.4.0 <=6.4.13)

org.springframework.security:spring-security-web MAVEN version =6.4.0, =1.0.1, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.5 and more Source cves: CVE-2026-22732 Source advisory: OSV:GHSA-MF92-479X-33...

9.1CVSS7.7AI score0.0048EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2026/03/20 12:31 a.m.8 views

ai.langsa:ccaas-starter (>=0.1 <=cloud-0.3), ai.langsa:pom-ccaas-langsa (=0.1) +2592 more potentially affected by CVE-2026-22732 via org.springframework.security:spring-security-web (>=6.0.0 <=6.3.10)

org.springframework.security:spring-security-web MAVEN version =6.0.0, =0.1, =0.5.2, =0.5.0, =7.0.0, =1.0.0, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.31 and more Source cves: CVE-2026-22732 Source advisory: OSV:GHSA-MF92-479X-3373...

9.1CVSS7.5AI score0.0048EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2026/03/20 12:31 a.m.8 views

ai.wavemaker.app.build:wavemaker-app-build-maven-plugin (>=1.0.0-20260516144515 <=1.0.0.ee-20260528111216), ai.wavemaker.app.build:wavemaker-app-build-utils (>=1.0.0-20260516144515 <=1.0.0.ee-20260528111216) +2549 more potentially affected by CVE-2026-22732 via org.springframework.security:spring-security-web (>=6.5.0 <=6.5.8)

org.springframework.security:spring-security-web MAVEN version =6.5.0, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =2.0.0,...

9.1CVSS7.5AI score0.0048EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2026/03/20 12:31 a.m.9 views

be.appify.prefab:prefab-security (>=0.2.0 <=0.7.5), cn.herodotus.dante:dante-authentication-autoconfigure (>=4.0.0.0-M2 <=4.0.0.0-M3) +783 more potentially affected by CVE-2026-22732 via org.springframework.security:spring-security-web (>=7.0.0 <=7.0.3)

org.springframework.security:spring-security-web MAVEN version =7.0.0, =0.2.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =1.28.1, =7.0.0, =7.1.0 and more Source cves: CVE-2026-22732 Source advisor...

9.1CVSS7.7AI score0.0048EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2026/03/19 10:47 p.m.6 views

CVE-2026-22732 Under Some Conditions Spring Security HTTP Headers Are not Written

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy default writing of HTTP Headers: : from 5.7.0 through 5.7.21, from...

9.1CVSS5.8AI score0.0048EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/03/19 10:47 p.m.30 views

CVE-2026-22732 Under Some Conditions Spring Security HTTP Headers Are not Written

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy default writing of HTTP Headers: : from 5.7.0 through 5.7.21, from...

9.1CVSS0.0048EPSS
Exploits2References1
Circl
Circl
added 2026/03/19 6:3 p.m.8 views

CVE-2026-22732

creationtimestamp| type| source ---|---|--- 2026-03-19 18:03:42+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/spring-security-advisory-av26-259 2026-03-19 23:25:23+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhh5kxyjyh25 2026-03-20 00:00:55+00:00| seen|...

9.1CVSS7.1AI score0.0048EPSS
Exploits2References11
RedhatCVE
RedhatCVE
added 2025/05/23 11:38 a.m.8 views

CVE-2025-22732

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Admiral Ad Blocking Detector ad-blocking-detector allows Stored XSS.This issue affects Ad Blocking Detector: from n/a through = 3.6.0...

6.5CVSS7.2AI score0.00225EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:11 p.m.7 views

CVE-2020-22732

CMS Made Simple CMSMS 2.2.14 allows stored XSS via the Extensions Fie Picker...

4.8CVSS5.6AI score0.00488EPSS
Exploits0
CNVD
CNVD
added 2025/03/27 12:0 a.m.4 views

GPT Academic Denial of Service Vulnerability (CNVD-2025-22732)

GPT Academic is an interface that provides pragmatic interactions for LLM grand language models such as GPT/GLM. A denial of service vulnerability exists in GPT Academic, which stems from a security issue in the file upload feature that can be exploited by an attacker to cause a denial of service...

6.5CVSS6.8AI score0.00671EPSS
Exploits1References1
Rows per page
Query Builder