17 matches found

OSV
added last week, 4 views

ROOT-APP-MAVEN-CVE-2026-22737 CVE-2026-22737 in io.root.org.springframework:spring-webmvc - Patched by Root

Root has patched CVE-2026-22737 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available...

CVSS 5.9, AI score 5.6, EPSS 0.00385
Exploits: 0

IBM Security Bulletins
added 2026/06/15 10:14 p.m., 4 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Locking, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2026-22735, CVE-2026-22737)

Summary: There are vulnerabilities in spring-web-6.2.15.jar, spring-webmvc-6.2.15.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22735, CVE-2026-22737. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2026-22735. DESCRIPTION: Spring MVC and WebFlux...

CVSS 5.9, AI score 5.1, EPSS 0.00385
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/04/29 1:24 p.m., 13 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary: Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.13.1. Vulnerability Details: CVEID: CVE-2026-22737. DESCRIPTION: Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of conten...

CVSS 8.8, AI score 8.7, EPSS 0.45854
Exploits: 9, Affected Software: 1

IBM Security Bulletins
added 2026/04/27 9:03 a.m., 11 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to issues in Spring

Summary: There are vulnerabilities in Spring used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs CVE-2026-22732, CVE-2026-22735, CVE-2026-22737. Vulnerability Details: CVEID: CVE-2026-22737. DESCRIPTION: Use of...

CVSS 9.1, AI score 6, EPSS 0.0048
Exploits: 2, Affected Software: 1

IBM Security Bulletins
added 2026/04/27 7:44 a.m., 9 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary: Maximo AI Service uses lodash-4.17.21.tgz, tomcat-embed-core-10.1.49.jar, Markdown-3.7-py3-none-any.whl, spring-webmvc-6.2.14.jar, torch-2.10.0-cp311-cp311-manylinux_2_28_x86_64.whl, and Flask_HTTPAuth-4.8.0-py3-none-any.whl, which are vulnerable to CVE-2025-13465, CVE-2025-66614,...

CVSS 9.1, AI score 7, EPSS 0.00494
Exploits: 0, Affected Software: 1

Wolfi
added 2026/04/01 1:48 a.m., 7 views

CVE-2026-22737 vulnerabilities

Vulnerabilities for packages: thingsboard, apache-nifi-registry...

CVSS 5.9, AI score 6, EPSS 0.00385
Exploits: 0

Tenable Nessus
added 2026/03/23 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-22737

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from...

CVSS 5.9, AI score 6, EPSS 0.00385
Exploits: 0, References: 4

vulnersOsv
added 2026/03/20 2:41 a.m., 7 views

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.1.1 <=0.120.0) +2889 more potentially affected by CVE-2026-22737 via org.springframework:spring-webflux (>=6.0.0 <=6.2.16)

org.springframework:spring-webflux MAVEN version =6.0.0, =0.2.0, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.6.0, =0.6.0, =1.0.0, =1.0.0, =0.2.2, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.6 and more Source cves: CVE-2026-22737 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-15701844...

CVSS 5.9, AI score 5.9, EPSS 0.00385
Exploits: 0

vulnersOsv
added 2026/03/20 2:41 a.m., 8 views

acegisecurity:acegi-security (=0.7.0), acegisecurity:acegi-security-cas (=0.7.0) +4 more potentially affected by CVE-2026-22737 via springframework:spring-webmvc (>=1.1.3 <=1.2.1)

springframework:spring-webmvc MAVEN version =1.1.3, =1.0-rc2, =1.0-rc3 Source cves: CVE-2026-22737 Source advisory: SNYK:JAVA-SPRINGFRAMEWORK-15701846...

CVSS 5.9, AI score 6, EPSS 0.00385
Exploits: 0

vulnersOsv
added 2026/03/20 2:41 a.m., 5 views

ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +583 more potentially affected by CVE-2026-22737 via org.springframework:spring-webflux (>=7.0.0-M7 <=7.0.5)

org.springframework:spring-webflux MAVEN version =7.0.0-M7, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =2.0.8, =4.0.0.0-M2, =4.0.0.0-M2, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2026-22737 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-15701844...

CVSS 5.9, AI score 5.9, EPSS 0.00385
Exploits: 0

vulnersOsv
added 2026/03/20 12:31 a.m., 6 views

ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +583 more potentially affected by CVE-2026-22737 via org.springframework:spring-webflux (>=7.0.0-M7 <=7.0.5)

org.springframework:spring-webflux MAVEN version =7.0.0-M7, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =2.0.8, =4.0.0.0-M2, =4.0.0.0-M2, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2026-22737 Source advisory: OSV:GHSA-4773-3JFM-QMX3...

CVSS 5.9, AI score 5.9, EPSS 0.00385
Exploits: 0

vulnersOsv
added 2026/03/20 12:31 a.m., 8 views

ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.114.0 <=0.120.0), ai.ancf.lmos:arc-runner (>=0.114.0 <=0.120.0) +1424 more potentially affected by CVE-2026-22737 via org.springframework:spring-webflux (>=6.2.0 <=6.2.16)

org.springframework:spring-webflux MAVEN version =6.2.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.6 - ai.telosforge:kimaira-util-webclient =1.2.6 and more Source cves: CVE-2026-22737 Source advisory:...

CVSS 5.9, AI score 5.9, EPSS 0.00385
Exploits: 0

vulnersOsv
added 2026/03/20 12:31 a.m., 8 views

africa.absa:inception-application (>=1.1.0 <=1.2.0), africa.absa:inception-test (>=1.1.0 <=1.2.0) +1987 more potentially affected by CVE-2026-22737 via org.springframework:spring-webflux (>=5.3.0 <=5.3.39)

org.springframework:spring-webflux MAVEN version =5.3.0, =1.1.0, =1.1.0, =j11.2.6.0, =v0.3.12, =v0.3.12, =v0.3.12, =4.1.36, =4.1.36, =1.7, =1.0, =1.0.0, =1.0.1, =1.0.6 and more Source cves: CVE-2026-22737 Source advisory: OSV:GHSA-4773-3JFM-QMX3...

CVSS 5.9, AI score 5.9, EPSS 0.00385
Exploits: 0

vulnersOsv
added 2026/03/20 12:31 a.m., 7 views

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.4.0) +6444 more potentially affected by CVE-2026-22737 via org.springframework:spring-webmvc (>=6.0.0 <=6.1.21)

org.springframework:spring-webmvc MAVEN version =6.0.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.5.0, =cloud-0.1, =cloud-0.2.1 and more Source cves: CVE-2026-22737 Source advisory: OSV:GHSA-4773-3JFM-QMX3...

CVSS 5.9, AI score 5.9, EPSS 0.00385
Exploits: 0

UbuntuCve
added 2026/03/20 12:16 a.m., 3 views

CVE-2026-22737

Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...

CVSS 5.9, AI score 5.8, EPSS 0.00385
Exploits: 0, References: 2

ATTACKERKB
added 2026/03/19 11:53 p.m., 5 views

CVE-2026-22737

Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...

CVSS 5.9, AI score 5.7, EPSS 0.00385
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2026/03/19 11:53 p.m., 2 views

CVE-2026-22737 Spring Framework Improper Path Limitation with Script View Templates

Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...

CVSS 5.9, AI score 5.8, EPSS 0.00385
Exploits: 0, References: 1