7 matches found
CVE-2026-41853 Spring Framework Multipart Request Smuggling in Spring MVC and WebFlux
Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...
EUVD-2026-35327
Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...
PT-2026-47661
Applications that evaluate user-supplied Spring Expression Language (SpEL) expressions are vulnerable to an Algorithmic Denial of Service (DoS). By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or...
PT-2026-47656
Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape may lead to JavaScript code injection in the browser, potentially resulting in a cross-site scripting (XSS) vulnerability. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3....
CVE-2024-22854
DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an...
Design/Logic Flaw
DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an...
PT-2024-19586 · Darktrace · Darktrace Threat Visualizer
Name of the Vulnerable Software and Affected Versions: Darktrace Threat Visualizer versions 6.1.27 and before Description: A DOM-based HTML injection vulnerability has been identified in the main page of Darktrace Threat Visualizer. This issue allows a remote attacker to craft a URL that, when...