Lucene search
K

1293 matches found

EUVD
EUVD
added 9 hours ago4 views

EUVD-2026-43556

Spring Boot Admin Server before 4.1.2 contains a server-side request forgery vulnerability that allows unauthenticated attackers to register instances with attacker-controlled healthUrl and managementUrl parameters without validation against private IP ranges or metadata endpoints. Attackers can...

8.6CVSS6.2AI score
Exploits0References6
CVE
CVE
added yesterday9 views

CVE-2026-62242

CVE-2026-62242 affects Spring Boot Admin Server prior to 4.1.2. The vulnerability is a server-side request forgery in the unauthenticated instance registration flow, where attacker-controlled healthUrl and managementUrl are not validated against private IP ranges or metadata endpoints. This allow...

8.6CVSS6.2AI score
Exploits0References5
Nuclei
Nuclei
added yesterday38 views

Java-springboot-codebase 1.1 - Arbitrary File Read

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...

8.7CVSS7.1AI score0.03847EPSS
Exploits14References5
Nuclei
Nuclei
added yesterday93 views

Spring Boot Actuator Logview Directory Traversal

spring-boot-actuator-logview before version 0.2.13 contains a directory traversal vulnerability in libraries that adds a simple logfile viewer as a spring boot actuator endpoint maven package "eu.hinsch:spring-boot-actuator-logview". id: CVE-2021-21234 info: name: Spring Boot Actuator Logview...

7.7CVSS7AI score0.21173EPSS
Exploits2References6
Nuclei
Nuclei
added yesterday138 views

Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution

Spring Cloud Netflix Hystrix Dashboard prior to version 2.2.10 is susceptible to remote code execution. Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view...

8.8CVSS7.3AI score0.13035EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday21 views

Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution

Spring Data REST 2.6.9 and 3.0.1, Spring Boot 1.5.9 and 2.0 M6 contain a remote code execution caused by processing malicious PATCH requests with crafted JSON data, letting attackers execute arbitrary Java code, exploit requires sending malicious PATCH requests. id: CVE-2017-8046 info: name: Spri...

9.8CVSS7.5AI score0.74355EPSS
Exploits8References5
OSV
OSV
added 2026/07/03 7:53 a.m.30 views

ROOT-APP-MAVEN-CVE-2026-40973 CVE-2026-40973 in io.root.org.springframework.boot:spring-boot - Patched by Root

Root has patched CVE-2026-40973 in the io.root.org.springframework.boot:spring-boot package for Root:Maven. Multiple fixed versions available...

7CVSS5.8AI score0.00136EPSS
Exploits0
OSV
OSV
added 2026/07/02 12:30 p.m.4 views

ROOT-APP-MAVEN-CVE-2026-40992 CVE-2026-40992 in io.root.org.springframework.boot:spring-boot-autoconfigure - Patched by Root

Root has patched CVE-2026-40992 in the io.root.org.springframework.boot:spring-boot-autoconfigure package for Root:Maven. Multiple fixed versions available...

5CVSS5.8AI score0.00123EPSS
Exploits0
OSV
OSV
added 2026/07/02 12:30 p.m.11 views

ROOT-APP-MAVEN-CVE-2026-40976 CVE-2026-40976 in io.root.org.springframework.boot:spring-boot - Patched by Root

Root has patched CVE-2026-40976 in the io.root.org.springframework.boot:spring-boot package for Root:Maven. Multiple fixed versions available...

9.1CVSS5.8AI score0.00489EPSS
Exploits0
OSV
OSV
added 2026/07/02 12:30 p.m.6 views

ROOT-APP-MAVEN-CVE-2026-41001 CVE-2026-41001 in io.root.org.springframework.boot:spring-boot - Patched by Root

Root has patched CVE-2026-41001 in the io.root.org.springframework.boot:spring-boot package for Root:Maven. Multiple fixed versions available...

5.3CVSS5.8AI score0.00094EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/07/01 3:46 p.m.19 views

CVE-2026-41001

A flaw was found in Spring Boot. The ArtemisEmbeddedConfigurationFactory component uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can exploit this by pre-creating this predictable directory ...

5.3CVSS5.6AI score0.00094EPSS
Exploits0References4
Spring Security Advisories
Spring Security Advisories
added 2026/06/30 12:0 a.m.15 views

This Week in Spring - June 30th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring , a weekly recap in which we review the latest and greatest in the wide and wonderful world of Spring. You probably already knew this. I don't know if I needed to mention it. But I like to. I've been doing this every week,...

5.8AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2026/06/23 12:0 a.m.62 views

This Week in Spring - June 23rd, 2026

Hi Spring fans! In this installment, we look at the wide and wonderful world of Spring, as usual, and there's a good amount to get to, fresh off the recent Spring Boot 4.1 generation release train, so let's dive right into it! I wrote a blog post looking at Spring Batch, MongoDB, and Spring Boot...

5.8AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2026/06/21 12:0 a.m.28 views

MongoDB-backed Spring Batch jobs and more in Spring Boot 4.1

Spring Batch was introduced many years before MongoDB existed, and its design assumed the presence of a SQL database in which to store the state of Spring Batch jobs. But that was decades ago, and a common question for anyone new to Spring Batch was, "Why does this thing need to talk to a SQL...

6.1AI score
Exploits0
OSV
OSV
added 2026/06/18 9:50 a.m.12 views

ROOT-APP-MAVEN-CVE-2024-38807 CVE-2024-38807 in io.root.org.springframework.boot:spring-boot-loader - Patched by Root

Root has patched CVE-2024-38807 in the io.root.org.springframework.boot:spring-boot-loader package for Root:Maven. Multiple fixed versions available...

6.3CVSS7.3AI score0.00123EPSS
Exploits0
OSV
OSV
added 2026/06/18 9:50 a.m.7 views

ROOT-APP-MAVEN-CVE-2026-22733 CVE-2026-22733 in io.root.org.springframework.boot:spring-boot-starter-actuator - Patched by Root

Root has patched CVE-2026-22733 in the io.root.org.springframework.boot:spring-boot-starter-actuator package for Root:Maven. Multiple fixed versions available...

8.2CVSS5.2AI score0.0036EPSS
Exploits0
OSV
OSV
added 2026/06/18 9:50 a.m.19 views

ROOT-APP-MAVEN-CVE-2025-22235 CVE-2025-22235 in io.root.org.springframework.boot:spring-boot - Patched by Root

Root has patched CVE-2025-22235 in the io.root.org.springframework.boot:spring-boot package for Root:Maven. Multiple fixed versions available...

7.3CVSS7.3AI score0.00358EPSS
Exploits0
OSV
OSV
added 2026/06/18 9:49 a.m.7 views

ROOT-APP-MAVEN-CVE-2026-22731 CVE-2026-22731 in io.root.org.springframework.boot:spring-boot-starter-actuator - Patched by Root

Root has patched CVE-2026-22731 in the io.root.org.springframework.boot:spring-boot-starter-actuator package for Root:Maven. Multiple fixed versions available...

8.2CVSS5.2AI score0.00334EPSS
Exploits0
OSV
OSV
added 2026/06/18 9:47 a.m.25 views

ROOT-APP-MAVEN-CVE-2023-20883 CVE-2023-20883 in io.root.org.springframework.boot:spring-boot-autoconfigure - Patched by Root

Root has patched CVE-2023-20883 in the io.root.org.springframework.boot:spring-boot-autoconfigure package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.8AI score0.00904EPSS
Exploits0
OSV
OSV
added 2026/06/18 9:36 a.m.69 views

ROOT-APP-MAVEN-CVE-2026-40972 CVE-2026-40972 in io.root.org.springframework.boot:spring-boot-devtools - Patched by Root

Root has patched CVE-2026-40972 in the io.root.org.springframework.boot:spring-boot-devtools package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.8AI score0.00262EPSS
Exploits0
Rows per page
Query Builder