Lucene search
+L

223 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/27 5:21 a.m.3 views

CVE-2026-22738

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression...

9.8CVSS6.1AI score0.00821EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/27 5:21 a.m.38 views

CVE-2026-22738 SpEL Injection via Unescaped Filter Key in SimpleVectorStore Leads to Remote Code Execution

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression...

9.8CVSS0.00821EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2025/12/04 12:0 a.m.12 views

Towards Spring Tools 5 - Ready for AI

There is no doubt that AI-based coding assistants are already or will be widely used by developers and within organizations. While the overall outlook is pretty certain, the exact way when and how to use those tools might vary, ranging from extensions for existing IDEs e.g. Copilot for Visual...

7.4AI score
Exploits0
Veracode
Veracode
added 2025/10/24 1:13 p.m.9 views

Expression Language Injection

Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection. The vulnerability is due to unsafe SpEL evaluation in routes due to the actuator gateway endpoint being exposed and accessible to untrusted users; attackers can create routes that use SpEL to read environment...

7.5CVSS6.6AI score0.00446EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2025/10/16 2:25 p.m.40 views

CVE-2025-41253

CVE-2025-41253 affects Spring Cloud Gateway Server Webflux: SpEL-enabled routes and unsecured actuator web endpoints can expose environment variables and system properties. Webflux components are vulnerable; WebMVC is not. IBM bulletin lists remediation: upgrade IBM Library Support for Spring to ...

7.5CVSS6.4AI score0.00446EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/16 12:0 a.m.10 views

PT-2025-42472

Name of the Vulnerable Software and Affected Versions Spring Cloud Gateway Server Webflux affected versions not specified Description Spring Cloud Gateway Server Webflux is susceptible to a SpEL Spring Expression Language injection issue. This flaw allows unauthenticated attackers to access...

7.5CVSS6.6AI score0.00446EPSS
Exploits0References23
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-10357

Malware in sbrugna...

7.2CVSS7AI score0.00703EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.5 views

Unity Linux 20.1070e Security Update: springframework (UTSA-2025-680594)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680594 advisory. n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a...

6.5CVSS6.9AI score0.35834EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.19 views

EUVD-2022-6910

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.01804EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-1417

Malicious code in bioql PyPI...

6.5CVSS6.8AI score0.01122EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-2544

Malicious code in bioql PyPI...

4.3CVSS7.2AI score0.00536EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-0877

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.0097EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-1628

Malicious code in bioql PyPI...

6.5CVSS6.7AI score0.35834EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-0603

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.06029EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-20863

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may...

6.5CVSS6.7AI score0.01122EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2023-20861

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide...

6.5CVSS6.7AI score0.0097EPSS
Exploits1References3
OSV
OSV
added 2025/05/23 2:0 p.m.4 views

OESA-2025-1557 springframework security update

The spring is based on code pubilshed in Expert One-on-One J2EE Design and Dvelopment by Rod Johnson Wrox, 2002.it is a layered Java/J2ee application framework. Security Fixes: n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a...

6.5CVSS7AI score0.35834EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 6:53 p.m.9 views

CVE-2021-45029

Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...

9.8CVSS7.5AI score0.06029EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:53 p.m.10 views

CVE-2020-9301

Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container...

8.8CVSS6.6AI score0.01504EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:17 p.m.11 views

CVE-2022-23463

Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...

9.8CVSS7.4AI score0.01804EPSS
Exploits1References1
Rows per page
Query Builder