Lucene search
K

15 matches found

OSV
OSV
added 2026/06/09 5:16 a.m.9 views

UBUNTU-CVE-2026-41852

A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2....

5.3CVSS5.6AI score0.00164EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 3:51 a.m.35 views

CVE-2026-41854 Spring Framework Server-Side Request Forgery via UriComponentsBuilder

Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery SSRF attack. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18...

4.2CVSS0.00123EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 3:51 a.m.57 views

CVE-2026-41854

The CVE affects Spring Framework 7.0.0–7.0.7 and 6.2.0–6.2.18, where incorrect host parsing in UriComponentsBuilder may allow a server-side request forgery (SSRF) when parsing an externally provided URL string. The vulnerability is described as an SSRF condition resulting from this parsing flaw. ...

6.5CVSS5.5AI score0.00123EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 3:51 a.m.10 views

CVE-2026-41853 Spring Framework Multipart Request Smuggling in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.3CVSS5.5AI score0.00186EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:51 a.m.16 views

EUVD-2026-35338

Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or...

7.5CVSS5.5AI score0.0036EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:50 a.m.11 views

EUVD-2026-35331

Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.9CVSS5.5AI score0.00341EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:50 a.m.12 views

EUVD-2026-35327

Spring WebFlux applications are vulnerable to Denial of Service DoS attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.9CVSS5.4AI score0.00247EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

VMware Spring Framework 安全漏洞

VMware Spring Framework is an open-source Java/JavaEE application framework developed by VMware, a US-based company. This framework helps developers build high-quality applications. Versions 7.0.0 to 7.0.7, 6.2.0 to 6.2.18, 6.1.0 to 6.1.27, and 5.3.0 to 5.3.48 of the VMware Spring Framework conta...

5.9CVSS5.3AI score0.00313EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-47661

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description Applications that evaluate user-supplied...

7.5CVSS5.8AI score0.0036EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/12/10 6:13 p.m.11 views

CVE-2025-60024

Multiple Improper Limitations of a Pathname to a Restricted Directory 'Path Traversal' vulnerabilities CWE-22 vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 may allow a privileged authenticated attacker to write arbitrary files via specifically HTTP or...

8.8CVSS7AI score0.00391EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/09 5:18 p.m.2 views

CVE-2025-64156

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute...

7.2CVSS7.1AI score0.00271EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.4 views

Fortinet FortiVoice 路径遍历漏洞

Fortinet FortiVoice is a Unified Communications and Collaboration-as-a-Service from Fortinet, Inc. A path traversal vulnerability exists in Fortinet FortiVoice versions 7.2.0 through 7.2.2 and 7.0.0 through 7.0.7, which stems from an improperly restricted path that could result in writing to an...

8.8CVSS6.8AI score0.00391EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/19 5:20 p.m.4 views

CVE-2025-58692

An improper neutralization of special elements used in an SQL Command "SQL Injection" vulnerability CWE-89 vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HT...

8.8CVSS7.9AI score0.00291EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/18 5:1 p.m.2 views

CVE-2025-58692

An improper neutralization of special elements used in an SQL Command "SQL Injection" vulnerability CWE-89 vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HT...

8.8CVSS7.5AI score0.00291EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/14 12:0 a.m.4 views

PT-2023-13889 · Fortinet · Forticlient

Name of the Vulnerable Software and Affected Versions: Fortinet FortiClient Windows versions 7.0.0 through 7.0.7 Fortinet FortiClient Windows versions 6.4.0 through 6.4.9 Fortinet FortiClient Windows versions 6.2.0 through 6.2.9 Fortinet FortiClient Windows versions 6.0.0 through 6.0.10...

7.1CVSS6.6AI score0.0021EPSS
Exploits0References4
Rows per page
Query Builder