Lucene search
+L

193 matches found

nvd
nvd
added 11 hours ago5 views

CVE-2026-22752

Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server. This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10...

9.6CVSS
Exploits0References1
cve
cve
added 12 hours ago17 views

CVE-2026-22752

CVE-2026-22752 affects Spring Authorization Server dynamic client registration: versions 7.0.0–7.0.4, 1.5.0–1.5.6, 1.4.0–1.4.9, and 1.3.0–1.3.10, with insufficient validation of client metadata during dynamic registration. This can lead to Stored XSS, SSRF, or Privilege Escalation depending on co...

9.6CVSS6.1AI score
Exploits0References1
cvelist
cvelist
added 12 hours ago14 views

CVE-2026-22752 Spring Security Authorization Server Dynamic Client Registration endpoints perform insufficient validation of client metadata

Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server. This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10...

9.6CVSS
Exploits0References1
euvd
euvd
added 12 hours ago5 views

EUVD-2026-44904

Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server. This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10...

9.6CVSS6.1AI score
Exploits0References1
f5
f5
added 6 days ago6 views

K000162176: Spring authorization server vulnerability CVE-2026-22752

Security Advisory Description The cve record for the cve id does not exist. CVE-2026-22752 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for potential vulnerability, and...

9.6CVSS6.1AI score
Exploits0
euvd
euvd
added 2026/06/30 12:41 p.m.7 views

EUVD-2026-40307

Memory overflow vulnerability NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if the appliance is configured as a Gateway SSL VPN, ICA Proxy, CVPN, RDP Proxy or AAA virtual server...

8.8CVSS5.8AI score0.00486EPSS
Exploits0References1
veracode
veracode
added 2026/06/17 9:30 a.m.13 views

Open Redirect

Spring Authorization Server is vulnerable to Open Redirect. The vulnerability is due to insufficient validation of the requesturi parameter at the authorization endpoint, where a malicious authorization request can include an invalid requesturi and an attacker-controlled redirecturi, resulting in...

6.1CVSS5.4AI score0.00172EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/06/12 8:57 a.m.12 views

EUVD-2026-36397

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

5.3CVSS5.3AI score0.0047EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/11 2:59 a.m.10 views

CVE-2026-41008

Spring Security Authorization Server's authorization endpoint performs insufficient validation of the requesturi parameter. An attacker can craft a malicious authorization request containing an invalid requesturi and an arbitrary, unvalidated redirecturi, which can lead to an Open Redirect...

6.1CVSS5.5AI score0.00172EPSS
Exploits0References1
euvd
euvd
added 2026/06/10 12:31 a.m.12 views

EUVD-2026-35888

Spring Security Authorization Server's authorization endpoint performs insufficient validation of the requesturi parameter. An attacker can craft a malicious authorization request containing an invalid requesturi and an arbitrary, unvalidated redirecturi, which can lead to an Open Redirect...

6.1CVSS5.5AI score0.00172EPSS
Exploits0References2
nvd
nvd
added 2026/06/10 12:16 a.m.16 views

CVE-2026-41008

Spring Security Authorization Server's authorization endpoint performs insufficient validation of the requesturi parameter. An attacker can craft a malicious authorization request containing an invalid requesturi and an arbitrary, unvalidated redirecturi, which can lead to an Open Redirect...

6.1CVSS0.00172EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/10 12:0 a.m.19 views

VMware Spring Security和Spring Authorization Server 输入验证错误漏洞

VMware Spring Security and Spring Authorization Server are both products of the American company VMware. VMware Spring Security is a security framework designed to provide descriptive security protections for Spring-based applications. Spring Authorization Server is a framework used to build secu...

6.1CVSS5.4AI score0.00172EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/09 11:47 p.m.9 views

CVE-2026-41008 Spring Security Authorization Server Open Redirect via request_uri

Spring Security Authorization Server's authorization endpoint performs insufficient validation of the requesturi parameter. An attacker can craft a malicious authorization request containing an invalid requesturi and an arbitrary, unvalidated redirecturi, which can lead to an Open Redirect...

6.1CVSS5.3AI score0.00172EPSS
Exploits0References1
cve
cve
added 2026/06/09 11:47 p.m.30 views

CVE-2026-41008

CVE-2026-41008 affects Spring Security and Spring Authorization Server. The vulnerability arises from insufficient validation of the request_uri parameter at the authorization endpoint, allowing an attacker to craft a malicious authorization request with an invalid request_uri and an unvalidated ...

6.1CVSS5.5AI score0.00172EPSS
Exploits0References1Affected Software2
cvelist
cvelist
added 2026/06/09 11:47 p.m.35 views

CVE-2026-41008 Spring Security Authorization Server Open Redirect via request_uri

Spring Security Authorization Server's authorization endpoint performs insufficient validation of the requesturi parameter. An attacker can craft a malicious authorization request containing an invalid requesturi and an arbitrary, unvalidated redirecturi, which can lead to an Open Redirect...

6.1CVSS0.00172EPSS
Exploits0References1
osv
osv
added 2026/06/09 11:47 p.m.3 views

CVE-2026-41008 Spring Security Authorization Server Open Redirect via request_uri

Spring Security Authorization Server's authorization endpoint performs insufficient validation of the requesturi parameter. An attacker can craft a malicious authorization request containing an invalid requesturi and an arbitrary, unvalidated redirecturi, which can lead to an Open Redirect...

6.1CVSS6AI score0.00172EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.31 views

PT-2026-48309

Name of the Vulnerable Software and Affected Versions Spring Security versions 7.0.0 through 7.0.5 Spring Authorization Server versions 1.5.0 through 1.5.7 Description The authorization endpoint performs insufficient validation of the request uri parameter. An attacker can craft a malicious...

6.1CVSS5.9AI score0.00172EPSS
Exploits0References5
spring
spring
added 2026/06/09 12:0 a.m.12 views

cve-2026-41008 - MEDIUM - Spring Security Authorization Server Open Redirect via request_uri

cve-2026-41008 - MEDIUM - Spring Security Authorization Server Open Redirect via requesturi...

6.1CVSS6.1AI score0.00172EPSS
Exploits0
snyk
snyk
added 2026/06/09 12:0 a.m.19 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect due to insufficient validation of the requesturi parameter in the OAuth2AuthorizationCodeRequestAuthenticationConverter class. When an authorization request contains a requesturi parameter, the converter still reads and...

6.1CVSS5.5AI score0.00172EPSS
Exploits0References2
spring
spring
added 2026/05/05 12:0 a.m.6 views

This Week in Spring - May 5th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's May 5th, 2026, and I'm in Mainz, Germany, for the legendary JAX conference! It's been infinitely far too long since I've been at this amazing show, and I'm oh-so happy to be back here! Tonight, after my two talks here, I...

5.8AI score
Exploits0
Rows per page
Query Builder