Lucene search
+L

7514 matches found

RedhatCVE
RedhatCVE
added 4 hours ago3 views

CVE-2026-41854

A flaw was found in Spring Framework. Due to incorrect host parsing in the UriComponentsBuilder component, applications that process externally provided URL strings may be vulnerable to a Server-Side Request Forgery SSRF attack. An SSRF attack allows an attacker to trick the server into making...

6.5CVSS4.9AI score0.00123EPSS
Exploits0References4
Nuclei
Nuclei
added 13 hours ago41 views

Spring Framework - Path Traversal

Spring Framework MVC applications deployed as WAR or with embedded Servlet containers that do not reject suspicious URI sequences and serve static resources with Spring resource handling contain a path traversal vulnerability, letting attackers access unauthorized files, exploit requires...

5.9CVSS6.2AI score0.01916EPSS
Exploits1References4
Nuclei
Nuclei
added 13 hours ago46 views

Spring Cloud Config Server - Path Traversal

Spring Cloud 3.1.x 3.1.13, 4.1.x 4.1.9, 4.2.x 4.2.3, 4.3.x 4.3.2, and 5.0.x 5.0.2 contain a path traversal caused by profile parameter substitution in Config Server using native file system backend, letting attackers access files outside configured directories, exploit requires crafted request. i...

8.6CVSS7.8AI score0.0122EPSS
Exploits0References4
Nuclei
Nuclei
added 13 hours ago6 views

Spring Framework Path Traversal in Functional Web Frameworks

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

7.5CVSS6.4AI score0.54862EPSS
Exploits6References3
Nuclei
Nuclei
added 13 hours ago19 views

Spring Cloud Gateway Server Webflux - Broken Access Control

Spring Cloud Gateway Server Webflux contains a vulnerability caused by unsecured and exposed actuator endpoints allowing modification of Spring Environment properties, letting attackers modify configuration, exploit requires unsecured actuator endpoints exposure. id: CVE-2025-41243 info: name:...

10CVSS8.3AI score0.03311EPSS
Exploits0References4
Nuclei
Nuclei
added 13 hours ago38 views

Java-springboot-codebase 1.1 - Arbitrary File Read

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...

8.7CVSS8.3AI score0.03847EPSS
Exploits14References5
Nuclei
Nuclei
added 13 hours ago39 views

WebMvc.fn/WebFlux.fn - Path Traversal

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

7.5CVSS7AI score0.14718EPSS
Exploits1References4
Nuclei
Nuclei
added 13 hours ago93 views

Spring Boot Actuator Logview Directory Traversal

spring-boot-actuator-logview before version 0.2.13 contains a directory traversal vulnerability in libraries that adds a simple logfile viewer as a spring boot actuator endpoint maven package "eu.hinsch:spring-boot-actuator-logview". id: CVE-2021-21234 info: name: Spring Boot Actuator Logview...

7.7CVSS7.5AI score0.21173EPSS
Exploits2References6
Nuclei
Nuclei
added 13 hours ago139 views

Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution

Spring Cloud Netflix Hystrix Dashboard prior to version 2.2.10 is susceptible to remote code execution. Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view...

8.8CVSS8.2AI score0.13035EPSS
Exploits0References5
Nuclei
Nuclei
added 13 hours ago148 views

Spring Security OAuth2 Remote Command Execution

Spring Security OAuth versions 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5 contain a remote command execution vulnerability. When processing authorization requests using the whitelabel views, the responsetype parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote comma...

8.8CVSS8.2AI score0.79176EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago105 views

Spring MVC Framework - Local File Inclusion

Spring MVC Framework versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported are vulnerable to local file inclusion because they allow applications to configure Spring MVC to serve static resources e.g. CSS, JS, images. A malicious user can send a request using a...

5.9CVSS7.6AI score0.35681EPSS
Exploits1References5
NVD
NVD
added yesterday6 views

CVE-2026-22752

Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server. This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10...

9.6CVSS0.00493EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday22 views

Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution

Spring Data REST 2.6.9 and 3.0.1, Spring Boot 1.5.9 and 2.0 M6 contain a remote code execution caused by processing malicious PATCH requests with crafted JSON data, letting attackers execute arbitrary Java code, exploit requires sending malicious PATCH requests. id: CVE-2017-8046 info: name: Spri...

9.8CVSS7.5AI score0.74355EPSS
Exploits8References5
Nuclei
Nuclei
added yesterday55 views

Spring Cloud Config Server - Local File Inclusion

Spring Cloud Config Server versions 2.1.x prior to 2.1.2, 2.0.x prior to 2.0.4, 1.4.x prior to 1.4.6, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files. An attacker can send a request using a specially...

6.5CVSS6.7AI score0.85295EPSS
Exploits6References5
EUVD
EUVD
added yesterday6 views

EUVD-2026-44904

Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server. This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10...

9.6CVSS6.1AI score0.00493EPSS
Exploits0References1
CVE
CVE
added yesterday17 views

CVE-2026-22752

CVE-2026-22752 affects Spring Authorization Server dynamic client registration: versions 7.0.0–7.0.4, 1.5.0–1.5.6, 1.4.0–1.4.9, and 1.3.0–1.3.10, with insufficient validation of client metadata during dynamic registration. This can lead to Stored XSS, SSRF, or Privilege Escalation depending on co...

9.6CVSS6.1AI score0.00493EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday30 views

CVE-2026-22752 Spring Security Authorization Server Dynamic Client Registration endpoints perform insufficient validation of client metadata

Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server. This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10...

9.6CVSS0.00493EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago23 views

CVE-2026-50338 Azure Spring Apps Elevation of Privilege Vulnerability

...

8.2CVSS0.00472EPSS
Exploits1References1
CVE
CVE
added 3 days ago8 views

CVE-2026-50338

Technical details are not publicly available in the provided documents. Monitor for updates from official sources.

8.2CVSS6.1AI score0.00472EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 3 days ago2 views

CVE-2026-50338 Azure Spring Apps Elevation of Privilege Vulnerability

...

8.2CVSS6.1AI score0.00472EPSS
Exploits1References1
Rows per page
Query Builder