Lucene search
+L

167 matches found

Spring Security Advisories
Spring Security Advisories
added 2026/05/12 12:0 a.m.12 views

This Week in Spring - May 12th, 2026

Hi, Spring fans! As I write this I am in Miami, FL at the CodeRemix.ai show, focused on the wide and wonderful world of OpenRewrite and Moderne. I've got a talk to give so let's dive right into it! a quick note about the upcoming release train dates in last week's installment of A Bootiful Podcas...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/08 12:0 a.m.8 views

ch.sbb:spring-cloud-stream-binder-solace (>=8.0.0 <=9.0.2), cn.herodotus.dante:dante-authentication-autoconfigure (>=4.0.0.0-M2 <=4.0.0.0-M3) +157 more potentially affected by CVE-2026-40990 via org.springframework.cloud:spring-cloud-function-context (>=5.0.0-M1 <=5.0.1)

org.springframework.cloud:spring-cloud-function-context MAVEN version =5.0.0-M1, =8.0.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =1.0.0, =1.0.0, =2.0.0-RC1, =8.0.4 and more S...

6.5CVSS5.4AI score0.00211EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/08 12:0 a.m.11 views

ch.admin.bit.jeap:jeap-spring-boot-config-starter (>=17.16.0 <=18.5.0), ch.sbb:spring-cloud-stream-binder-solace (>=4.0.0 <=7.4.5) +901 more potentially affected by CVE-2026-40990 via org.springframework.cloud:spring-cloud-function-context (>=4.0.0 <=4.3.2)

org.springframework.cloud:spring-cloud-function-context MAVEN version =4.0.0, =17.16.0, =4.0.0, =1.0.0, =1.0.1, =0.14.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0-RC2 and more Source cves: CVE-2026-40990 Source advisory:...

6.5CVSS5.4AI score0.00211EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/08 12:0 a.m.8 views

ch.sbb:spring-cloud-stream-binder-solace (>=8.0.0 <=9.0.2), cn.herodotus.dante:dante-authentication-autoconfigure (>=4.0.0.0-M2 <=4.0.0.0-M3) +157 more potentially affected by CVE-2026-40989 via org.springframework.cloud:spring-cloud-function-context (>=5.0.0-M1 <=5.0.1)

org.springframework.cloud:spring-cloud-function-context MAVEN version =5.0.0-M1, =8.0.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =1.0.0, =1.0.0, =2.0.0-RC1, =8.0.4 and more S...

6.5CVSS5.4AI score0.00211EPSS
Exploits0
Snyk
Snyk
added 2026/05/08 12:0 a.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the SimpleFunctionRegistry composition. An attacker can exhaust memory or trigger unbounded recursive function composition by supplying crafted function definitions that...

8.7CVSS5.8AI score0.00211EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/08 12:0 a.m.10 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the SimpleFunctionRegistry composition and function wrapper cache in SimpleFunctionRegistry.java. An attacker can exhaust memory by supplying many distinct composed function...

8.7CVSS5.8AI score0.00211EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/05 2:42 p.m.92 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

No d...

9.8CVSS7.3AI score0.99939EPSS
Exploits36
GithubExploit
GithubExploit
added 2026/04/28 2:25 p.m.129 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 — Demo Methodology ⚠️ Overview This demo s...

9.8CVSS9.1AI score0.99939EPSS
Exploits36
OSV
OSV
added 2026/04/06 2:49 p.m.2 views

BIT-PARSE-2026-34532 Parse Server: Cloud function validator bypass via prototype chain traversal

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.67 and 9.7.0, an attacker can bypass Cloud Function validator access controls by appending "prototype.constructor" to the function name in the URL. When a Cloud Function...

9.1CVSS5.8AI score0.00277EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/01 5:3 p.m.6 views

CVE-2026-34532

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.67 and 9.7.0-alpha.11, an attacker can bypass Cloud Function validator access controls by appending "prototype.constructor" to the function name in the URL. When a Cloud...

9.1CVSS5.7AI score0.00277EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/31 11:48 p.m.5 views

Incorrect Authorization

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Incorrect Authorization via the Cloud Function handler resolution process. An attacker can gain unauthorized access to...

9.1CVSS5.9AI score0.00277EPSS
Exploits0References2
OSV
OSV
added 2026/03/31 11:48 p.m.3 views

GHSA-VPJ2-QQ7W-5QQ6 parse-server has cloud function validator bypass via prototype chain traversal

Impact An attacker can bypass Cloud Function validator access controls by appending .prototype.constructor to the function name in the URL. When a Cloud Function handler is declared using the function keyword and its validator is a plain object or arrow function, the trigger store traversal...

9.1CVSS5.9AI score0.00277EPSS
Exploits0References7
NVD
NVD
added 2026/03/31 3:16 p.m.7 views

CVE-2026-34532

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.67 and 9.7.0-alpha.11, an attacker can bypass Cloud Function validator access controls by appending "prototype.constructor" to the function name in the URL. When a Cloud...

9.1CVSS0.00277EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/31 2:42 p.m.4 views

CVE-2026-34532

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.67 and 9.7.0-alpha.11, an attacker can bypass Cloud Function validator access controls by appending "prototype.constructor" to the function name in the URL. When a Cloud...

9.1CVSS5.7AI score0.00277EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/03/31 2:42 p.m.22 views

CVE-2026-34532 Parse Server: Cloud function validator bypass via prototype chain traversal

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.67 and 9.7.0-alpha.11, an attacker can bypass Cloud Function validator access controls by appending "prototype.constructor" to the function name in the URL. When a Cloud...

9.1CVSS0.00277EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/31 2:42 p.m.2 views

CVE-2026-34532 Parse Server: Cloud function validator bypass via prototype chain traversal

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.67 and 9.7.0-alpha.11, an attacker can bypass Cloud Function validator access controls by appending "prototype.constructor" to the function name in the URL. When a Cloud...

9.1CVSS5.7AI score0.00277EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/31 2:42 p.m.4 views

EUVD-2026-17473

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.67 and 9.7.0-alpha.11, an attacker can bypass Cloud Function validator access controls by appending "prototype.constructor" to the function name in the URL. When a Cloud...

9.1CVSS5.7AI score0.00277EPSS
Exploits0References5
OSV
OSV
added 2026/03/31 2:42 p.m.5 views

CVE-2026-34532 Parse Server: Cloud function validator bypass via prototype chain traversal

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.67 and 9.7.0-alpha.11, an attacker can bypass Cloud Function validator access controls by appending "prototype.constructor" to the function name in the URL. When a Cloud...

9.1CVSS5.8AI score0.00277EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.5 views

PT-2026-29272

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.67 Parse Server versions prior to 9.7.0-alpha.11 Description Parse Server is an open source backend deployable on Node.js infrastructures. An attacker can bypass Cloud Function validator access controls by...

9.1CVSS5.9AI score0.00277EPSS
Exploits0References15
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.8 views

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.67 and 9.7.0-alpha.11. These vulnerabilities stemmed from a flaw where attackers could...

9.1CVSS5.8AI score0.00277EPSS
Exploits0References5
Rows per page
Query Builder