Lucene search
K

1091 matches found

Debian CVE
Debian CVE
added 2026/06/09 3:51 a.m.8 views

CVE-2026-41850

Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or...

7.5CVSS5.5AI score0.0036EPSS
Exploits0
CVE
CVE
added 2026/06/09 3:51 a.m.208 views

CVE-2026-41850

Spring Framework vulnerability CVE-2026-41850 affects the evaluation of user-supplied Spring Expression Language (SpEL) expressions. The issue is an Algorithmic Denial of Service (DoS) caused by crafted expressions triggering excessive resource consumption during evaluation, degrading or taking d...

7.5CVSS5.5AI score0.0036EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/09 3:51 a.m.11 views

EUVD-2026-35337

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language SpEL. An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service DoS. Affected versions: Spring...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 3:51 a.m.10 views

CVE-2026-41849 Spring Framework Denial of Service via Integer Overflow in SpEL Expressions

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language SpEL. An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service DoS. Affected versions: Spring...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 3:51 a.m.71 views

CVE-2026-41849

The CVE-2026-41849 entry affects Spring Framework 5.3.0–5.3.48 and is caused by an integer overflow in the SpEL evaluation logic. Exploitation via a crafted SpEL expression can trigger excessive resource consumption, leading to a Denial of Service. The connected documents specify the vulnerabilit...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-47662

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description Applications that accept user-supplied Sprin...

7.5CVSS5.8AI score0.0036EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-41850

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By providing a...

7.5CVSS5.5AI score0.0036EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-48320

Name of the Vulnerable Software and Affected Versions Spring Data KeyValue / Spring Data Redis versions 4.0.0 through 4.0.5 Spring Data KeyValue / Spring Data Redis versions 3.5.0 through 3.5.11 Spring Data KeyValue / Spring Data Redis versions 3.4.0 through 3.4.14 Spring Data KeyValue / Spring...

6.4CVSS6AI score0.00202EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.18 views

PT-2026-47660

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language SpEL. An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service DoS. Affected versions: Spring...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

VMware Spring Framework 安全漏洞

VMware Spring Framework is an open-source Java and JavaEE application framework developed by VMware, Inc. This framework helps developers build high-quality applications. Versions of the VMware Spring Framework prior to 7.0.0, 6.2.0, 6.1.0, and 5.3.0 contain security vulnerabilities. These...

7.5CVSS5.3AI score0.0036EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

Spring Framework 安全漏洞

The Spring Framework is an application development framework developed by Spring in a open-source manner. Versions of the Spring Framework such as 7.0.0 and earlier, 6.2.0 and earlier, 6.1.0 and earlier, and 5.3.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the...

7.5CVSS5.3AI score0.0036EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-47663

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description A flaw in the Spring Expression Language SpE...

5.3CVSS5.4AI score0.00164EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-48325

Name of the Vulnerable Software and Affected Versions Spring Data REST versions 3.7.0 through 3.7.19 Spring Data REST versions 4.3.0 through 4.3.16 Spring Data REST versions 4.4.0 through 4.4.14 Spring Data REST versions 4.5.0 through 4.5.11 Spring Data REST versions 5.0.0 through 5.0.5 Descripti...

8.1CVSS5.9AI score0.00393EPSS
Exploits0References4
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.6 views

CVE-2026-41719: Spring Data KeyValue - SpEL Injection vulnerability in SpelPropertyComparator

A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator . The application is vulnerable if all conditions below are true:...

6.4CVSS5.8AI score0.00202EPSS
Exploits0References1Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-41849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language SpEL. An attacker can exploit this by supplying a specially...

7.5CVSS5.6AI score0.00263EPSS
Exploits0References3
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.10 views

CVE-2026-41717: Spring Data MongoDB - SpEL Expression Injection via Annotated Query Parameter Binding

Spring Data MongoDB contains a SpEL Spring Expression Language expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. The application is vulnerable if all conditions...

8.1CVSS5.8AI score0.00328EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-41852

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only...

5.3CVSS6.1AI score0.00164EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-47661

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description Applications that evaluate user-supplied...

7.5CVSS5.8AI score0.0036EPSS
Exploits0References8
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Allocation of Resources Without Limits or Throttling

Overview org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via caching of parsed Spring Expression Language SpEL...

8.2CVSS5.5AI score0.0036EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Exposed Dangerous Method or Function

Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via Spring Expression Language SpEL method invocation handling. An attacker can invoke arbitrary zero-argument methods by supplying crafted SpEL expressions, even in contexts intended to restrict...

6.9CVSS5.7AI score0.00164EPSS
Exploits0References2
Rows per page
Query Builder