
1241 matches found

CNNVD
added 2025/05/24 12:0 a.m. | 3 views

Tmall_demo code issue vulnerability

Tmall_demo is a Spring Boot-based mini Tmall by the Xianqi Mall project team. A code issue vulnerability exists in Tmall_demo 20250505 and earlier versions, which stems from improper handling of the parameter File in the file tmall/admin/uploadCategoryImage, resulting in unlimited uploads...

CVSS 7.2 | AI score 5.1 | EPSS 0.00473
Exploits 1 | References 5
CNNVD
added 2025/05/24 12:0 a.m. | 3 views

Tmall_demo code injection vulnerability

Tmall_demo is a Spring Boot-based mini Tmall by the project team. A code injection vulnerability exists in Tmall_demo 20250505 and earlier versions; it stems from improper handling of the parameter Product Name/Product Title in the file /tmall/admin/, leading to cross-site scripting...

CVSS 6.1 | AI score 4.2 | EPSS 0.00297
Exploits 1 | References 5
RedhatCVE
added 2025/05/23 5:23 p.m. | 7 views

CVE-2025-46822

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...

CVSS 8.7 | AI score 6.6 | EPSS 0.06841
Exploits 4 | References 1
RedhatCVE
added 2025/05/23 10:36 a.m. | 8 views

CVE-2024-52302

common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper...

CVSS 8.7 | AI score 7.6 | EPSS 0.07457
Exploits 3 | References 1
RedhatCVE
added 2025/05/23 1:7 a.m. | 6 views

CVE-2022-46166

Spring boot admins is an open source administrative user interface for management of spring boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers e.g. Teams-Notifier and write access to environment variables via UI are affected. Users are advised to upgrade to th...

CVSS 9.8 | AI score 6.9 | EPSS 0.27951
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 10:44 p.m. | 8 views

CVE-2022-29001

In SpringBootMovie =1.2, the uploaded file suffix parameter is not filtered, resulting in arbitrary file upload vulnerability...

CVSS 7.2 | AI score 7.1 | EPSS 0.00378
Exploits 1 | References 1
RedhatCVE
added 2025/05/22 9:31 p.m. | 9 views

CVE-2021-21234

spring-boot-actuator-logview is a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...

CVSS 7.7 | AI score 6.5 | EPSS 0.93658
Exploits 2 | References 1
RedhatCVE
added 2025/05/22 8:40 p.m. | 2 views

CVE-2021-26987

Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services...

CVSS 9.8 | AI score 7.3 | EPSS 0.0187
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 5:0 p.m. | 4 views

CVE-2020-19704

A stored cross-site scripting (XSS) vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML...

CVSS 5.4 | AI score 5.9 | EPSS 0.00172
Exploits 1
RedhatCVE
added 2025/05/22 8:56 a.m. | 7 views

CVE-2019-9186

In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces instead of listening on only the localhost interface. This issue has bee...

CVSS 9.8 | AI score 7.4 | EPSS 0.00026
Exploits 0 | References 1
NVD
added 2025/05/21 6:15 p.m. | 16 views

CVE-2025-46822

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...

CVSS 8.7 | EPSS 0.06841
Exploits 4 | References 2
Vulnrichment
added 2025/05/21 5:23 p.m. | 9 views

CVE-2025-46822 Unauthenticated Arbitrary File Read via Absolute Path

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...

CVSS 8.7 | AI score 6.6 | EPSS 0.06841
Exploits 4 | References 2
CVE
added 2025/05/21 5:23 p.m. | 83 views

CVE-2025-46822

The CVE-2025-46822 entry corresponds to an Arbitrary File Read in OsamaTaher/Java-springboot-codebase prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, caused by insufficient path traversal protections. The vulnerability allows reading internal files via absolute paths at the /api/v1/file...

CVSS 8.7 | AI score 6.6 | EPSS 0.06841
Exploits 4 | References 2
Cvelist
added 2025/05/21 5:23 p.m. | 19 views

CVE-2025-46822 Unauthenticated Arbitrary File Read via Absolute Path

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...

CVSS 8.7 | EPSS 0.06841
Exploits 4 | References 2
OSV
added 2025/05/21 5:23 p.m. | 8 views

CVE-2025-46822 Unauthenticated Arbitrary File Read via Absolute Path

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...

CVSS 8.7 | AI score 8.8 | EPSS 0.06841
Exploits 4 | References 4
CNNVD
added 2025/05/21 12:0 a.m. | 5 views

Java-springboot-codebase information disclosure vulnerability

Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects from osama individual developers. A security vulnerability exists in versions prior to Java-springboot-codebase c835c6f, which stems from an insufficient path traversal mechanism that could...

CVSS 8.7 | AI score 8.9 | EPSS 0.06841
Exploits 4 | References 4
Spring Engineering
added 2025/05/19 12:0 a.m. | 27 views

MCP Authorization in practice with Spring AI and OAuth2

Last month, we explored how to secure Spring AI MCP Servers with the OAuth2 authorization framework. In the conclusion of that article, we mentioned we'd explore using standalone Authorization Servers for MCP Security and deviate from the then-current specification. Since we published the articl...

AI score 7
Exploits 0
vulnersOsv
added 2025/05/16 9:32 p.m. | 5 views

ai.ancf.lmos-router:lmos-router-hybrid-spring-boot-starter (=0.28.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0) +11627 more potentially affected by CVE-2025-22233 via org.springframework:spring-context (>=6.1.0 <=6.1.2)

org.springframework:spring-context MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.11.0 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-linux-x8664...

CVSS 3.1 | AI score 6.7 | EPSS 0.00083
Exploits 0
IBM Security Bulletins
added 2025/05/16 7:23 p.m. | 32 views

Security Bulletin: Vulnerabilities in Spring Boot, Spring Security and Spring Framework might affect IBM Storage Defender Copy Data Management.

Summary: IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Boot, Spring Security and Spring Framework. Vulnerabilities include an attacker could exploit this vulnerability to execute arbitrary code, obtain system and session information and cause a denial of...

CVSS 7.5 | AI score 10 | EPSS 0.00282
Exploits 0 | Affected Software 1
vulnersOsv
added 2025/05/15 12:0 a.m. | 5 views

ai.ancf.lmos-router:lmos-router-hybrid-spring-boot-starter (=0.28.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0) +11627 more potentially affected by CVE-2024-38820 +1 more via org.springframework:spring-context (>=6.1.0 <=6.1.2)

org.springframework:spring-context MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.11.0 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-linux-x8664...

CVSS 5.3 | AI score 6.7 | EPSS 0.01514
Exploits 1