CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

87 matches found

IBM Security Bulletins•added 2026/03/10 10:16 a.m.•2 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in spring-core (CVE-2025-41249)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-41249 of spring-core-6.2.6.jar. Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a...

7.5CVSS5.7AI score0.00112EPSS

Exploits0Affected Software1

Tenable Nessus•added 2026/01/20 12:0 a.m.•4 views

Atlassian Jira Service Management Data Center and Server 11.0.x < 11.2.0 (JSDSERVER-16466)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16466 advisory. - The Spring Security annotation detection mechanism may not correctly resolve annotations on methods...

7.5CVSS7.5AI score0.00112EPSS

Exploits0References2

IBM Security Bulletins•added 2026/01/16 9:33 a.m.•9 views

Security Bulletin: Remediation of Multiple Spring Vulnerabilities in IBM Library Support for Spring

Summary Multiple Spring Vulnerabilities have been addressed in IBM Library Support for Spring Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized...

7.5CVSS6.6AI score0.05222EPSS

Exploits0Affected Software1

Tenable Nessus•added 2026/01/07 12:0 a.m.•3 views

Atlassian Confluence 10.1.x< 10.1.1 (CONFSERVER-101485)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101485 advisory. - The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized...

7.5CVSS7.9AI score0.00112EPSS

Exploits0References2

IBM Security Bulletins•added 2025/12/17 2:14 p.m.•6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Authorization in Spring Framework [CVE-2025-41249]

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Authorization in Spring Framework, due to an issue where the annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics...

7.5CVSS6.4AI score0.00112EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2025/12/05 9:12 a.m.•6 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.1.0

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.1.0 Vulnerability Details CVEID:CVE-2025-41248 DESCRIPTION: The Spring Security annotation detection mechanism may not correctly resolve annotatio...

9.1CVSS8.6AI score0.05222EPSS

Exploits0Affected Software1

RedHat Linux•added 2025/12/04 3:7 p.m.•1 views

org.springframework.security/spring-security-core: Spring Security authorization bypass

The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization...

7.5CVSS7.1AI score0.0009EPSS

Exploits0References6

IBM Security Bulletins•added 2025/10/31 8:4 p.m.•3 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Spring (CVE-2025-41249)

Summary A vulnerability in Spring that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a...

7.5CVSS6.2AI score0.00112EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2025/10/31 7:8 p.m.•14 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilties with an update. Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized...

7.5CVSS7.2AI score0.00294EPSS

Exploits2Affected Software1

RedHat Linux•added 2025/10/14 5:59 p.m.•2 views

org.springframework.security/spring-security-core: Spring Security authorization bypass

7.5CVSS7.1AI score0.0009EPSS

Exploits0References6

Veracode•added 2025/10/10 8:7 a.m.•2 views

Improper Authorization

org.springframework, spring-core is vulnerable to improper authorization. The vulnerability is due to incorrect annotation resolution on methods within type hierarchies that use unbounded generics, which allows an attacker to bypass security checks when Spring Security’s @EnableMethodSecurity...

7.5CVSS7AI score0.00112EPSS

Exploits0References6Affected Software1

IBM Security Bulletins•added 2025/10/07 7:8 a.m.•4 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by a vulnerability in spring-core-6.2.3.jar (CVE-2025-41249)

Summary IBM Sterling Connect:Direct Web Services is vulnerable to Annotation detection mechanism may not correctly resolve annotations on methods in spring-core-6.2.3. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The...

7.5CVSS6.4AI score0.00112EPSS

Exploits0Affected Software1