Lucene search
K

133 matches found

NVD
NVD
added 2026/06/11 7:16 a.m.11 views

CVE-2026-40992

Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true, are not affected. Affected versions: Spring Boot 4.0.0 through 4.0.6; 3.5.0 through 3.5.14; 3.4...

5CVSS0.00123EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 5:4 a.m.9 views

CVE-2026-41001 Predictable Temp Directory in Artemis Auto-configuration

Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts...

5.3CVSS5.5AI score0.00094EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 5:4 a.m.49 views

CVE-2026-41001

CVE-2026-41001 affects Spring Boot’s ArtemisEmbeddedConfigurationFactory, which uses a fixed, static path for the embedded Artemis broker data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before appli...

5.3CVSS5.5AI score0.00094EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 5:3 a.m.54 views

CVE-2026-40992

CVE-2026-40992 concerns Spring Boot's Mail auto-configuration not enabling hostname verification by default. Affected: Spring Boot 4.0.0–4.0.6; 3.5.0–3.5.14; 3.4.0–3.4.16. The issue: hostname verification is not enabled; applications that explicitly set spring.mail.properties.mail.smtp.ssl.checks...

5CVSS5.5AI score0.00123EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48616

Name of the Vulnerable Software and Affected Versions Spring Boot versions 4.0.0 through 4.0.6 Spring Boot versions 3.5.0 through 3.5.14 Spring Boot versions 3.4.0 through 3.4.16 Description Mail auto-configuration does not enable hostname verification, which is the process of verifying that the...

5CVSS5.8AI score0.00123EPSS
Exploits0References4
Spring Security Advisories
Spring Security Advisories
added 2026/06/10 12:0 a.m.7 views

CVE-2026-40992: Mail Auto-Configuration Does Not Enable SSL Hostname Verification

Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true , are not affected...

5CVSS5.8AI score0.00123EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/28 12:31 a.m.10 views

Spring Boot's Cassandra SSL auto-configuration disables TLS hostname verification

Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15 fix 3.4.16, 3.3.0–3.3.18 fix 3.3.19, 2.7.0–2.7.32 fix 2.7.33; Cassandra SSL...

9.8CVSS5.8AI score0.00182EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/28 12:31 a.m.9 views

Spring Boot's RabbitMQ auto-configuration doesn't perform hostname verification when connecting to the RabbitMQ broker

When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14 per vendor advisory...

9.1CVSS5.8AI score0.00157EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/04/28 12:16 a.m.4 views

CVE-2026-40974

Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15 fix 3.4.16, 3.3.0–3.3.18 fix 3.3.19, 2.7.0–2.7.32 fix 2.7.33; Cassandra SSL...

9.8CVSS0.00182EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/27 11:31 p.m.5 views

CVE-2026-40974

Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15 fix 3.4.16, 3.3.0–3.3.18 fix 3.3.19, 2.7.0–2.7.32 fix 2.7.33; Cassandra SSL...

5CVSS5.2AI score0.00182EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/27 11:31 p.m.6 views

CVE-2026-40974

Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15 fix 3.4.16, 3.3.0–3.3.18 fix 3.3.19, 2.7.0–2.7.32 fix 2.7.33; Cassandra SSL...

5CVSS5.2AI score0.00182EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/27 11:31 p.m.7 views

EUVD-2026-25938

Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15 fix 3.4.16, 3.3.0–3.3.18 fix 3.3.19, 2.7.0–2.7.32 fix 2.7.33; Cassandra SSL...

5CVSS5.1AI score0.00182EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/27 10:45 p.m.2 views

CVE-2026-40971

When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14 per vendor advisory...

5CVSS5.2AI score0.00157EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/27 10:45 p.m.35 views

EUVD-2026-25930

When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14 per vendor advisory...

5CVSS5.2AI score0.00157EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.17 views

PT-2026-35539

Name of the Vulnerable Software and Affected Versions Spring Boot versions 4.0.0 through 4.0.5 Spring Boot versions 3.5.0 through 3.5.13 Description When configured to use an SSL bundle, the RabbitMQ auto-configuration fails to perform hostname verification during the connection process to the...

9.1CVSS5.8AI score0.00157EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.6 views

PT-2026-35546

Name of the Vulnerable Software and Affected Versions Spring Boot versions 4.0.0 through 4.0.5 Spring Boot versions 3.5.0 through 3.5.13 Spring Boot versions 3.4.0 through 3.4.15 Spring Boot versions 3.3.0 through 3.3.18 Spring Boot versions 2.7.0 through 2.7.32 Spring Boot versions prior to 2.7....

9.8CVSS5.8AI score0.00182EPSS
Exploits0References8
Spring Security Advisories
Spring Security Advisories
added 2026/04/23 12:0 a.m.10 views

RabbitMQ auto-configuration with an SSL bundle disables TLS hostname verification

When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker...

5CVSS5.9AI score0.00157EPSS
Exploits0References1Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2026/04/23 12:0 a.m.7 views

Elasticsearch auto-configuration with an SSL bundle disables TLS hostname verification

When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server...

5CVSS5.9AI score0.00136EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/04/07 8:13 p.m.6 views

Access Control Bypass

Overview genieacs is an A TR-069 Auto Configuration Server ACS Affected versions of this package are vulnerable to Access Control Bypass via the NBI API endpoint. An attacker can gain unauthorized access to sensitive functionality or data by sending unauthenticated requests. Remediation There is ...

7.5CVSS5.4AI score0.00438EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2025/12/18 12:0 a.m.9 views

Mozilla Firefox < 3.0.15

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 3.0.15. It is, therefore, affected by a vulnerability as referenced in the mfsa2009-55 advisory. - Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute...

9.3CVSS8.1AI score0.03985EPSS
Exploits0References3
Rows per page
Query Builder