ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0), ai.ancf.lmos-router:lmos-router-hybrid (>=0.2.0 <=0.28.0) +24632 more potentially affected by CVE-2025-25193 via io.netty:netty-common (>=4.0.0.Alpha1 <=4.1.117.Final)

io.netty:netty-common MAVEN version =4.0.0.Alpha1, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1.0 -...

Security Bulletin: Vulnerability in SpringBoot affects watsonx.data

Summary Spring Boot could allow a local authenticated attacker to gain elevated privileges on the system. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2022-27772 DESCRIPTION: Spring Boot could allow a local authenticated attacker to gain elevated privileges on the system, cause...

This Week in Spring - February 4th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's February 4th, 2025, as I write this. We are ten days away from Valentine's day, and about a month away from Devnexus. Lots to look forward to, in both the short term and the long term! Let's dive right into this week's...

This Week in Spring - January 28th, 2025

Hi, Spring fans! Welcome to another rip-roarin' and exciting installment of This Week in Spring , wherein we look at the amazing week that was in the Spring community. And what a week it's been! In addition to tons of cool tooling and AI related stuff, this week saw the release of the first steps...

starsea-mall 安全漏洞

starsea-mall is a springboot +thymeleaf based Xiaomi mall management system by StarSea99 individual developer. A security vulnerability exists in starsea-mall version 1.0, which originates from the parameter file file of the UploadController function in the file...

CVE-2024-13202

A vulnerability was found in wander-chu SpringBoot-Blog 1.0 and classified as problematic. This issue affects the function modifiyArticle of the file src/main/java/com/my/blog/website/controller/admin/PageController.java of the component Blog Article Handler. The manipulation of the argument...

CVE-2024-13200

A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to improper access...

cy-fast 注入漏洞

cy-fast is a SpringBoot based rapid development framework by chenyi personal developer. An injection vulnerability exists in cy-fast version 1.0, which is caused by SQL injection in the parameter order...

PT-2025-2058 · Wander Chu · Springboot-Blog

Name of the Vulnerable Software and Affected Versions: wander-chu SpringBoot-Blog version 1.0 Description: A critical vulnerability was found in the HTTP POST Request Handler component, specifically affecting the preHandle function of the BaseInterceptor.java file. This leads to improper access...

SpringBoot-Blog 跨站脚本漏洞

SpringBoot-Blog is a Java blogging system for wand individual developers. A security vulnerability exists in SpringBoot-Blog version 1.0, which originates from the parameter content in file src/main/java/com/my/blog/website/controller/admin/PageController.java that can lead to a cross-site...

cy-fast 注入漏洞

cy-fast is a SpringBoot based rapid development framework by chenyi personal developer. An injection vulnerability exists in cy-fast version 1.0, which is caused by SQL injection in the parameter order...

cy-fast 注入漏洞

cy-fast is a SpringBoot based rapid development framework by chenyi personal developer. An injection vulnerability exists in cy-fast version 1.0, which is caused by SQL injection in the parameter order...

cy-fast SQL注入漏洞

cy-fast is a SpringBoot based rapid development framework by chenyi personal developer. A security vulnerability exists in cy-fast version 1.0, which is caused by a SQL injection in the parameter order...

Hello DCO, Goodbye CLA: Simplifying Contributions to Spring

The Spring team will be rolling out a simplified contribution process that replaces the requirement to sign a Contributor License Agreement CLA with a Developer Certificate of Origin DCO. The process will start this week with Spring Framework, Spring Security, & Spring Boot and then roll out to t...

My-Blog 代码问题漏洞

My-Blog is a Java blog system implemented by SpringBoot + Mybatis + Thymeleaf and other technologies, with beautiful pages, full functionality, easy deployment and perfect code. A code issue vulnerability exists in My-Blog version 1.0, which stems from improper handling of the file parameter,...

cn.herodotus.engine:message-spring-boot-starter (>=2.7.3.4 <=3.0.0-M2), com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=4.0.0 <=4.1.1) +217 more potentially affected by CVE-2024-56128 via org.apache.kafka:kafka_2.13 (>=2.4.0 <=3.7.1)

org.apache.kafka:kafka2.13 MAVEN version =2.4.0, =2.7.3.4, =4.0.0, =4.0.0, =4.0.0, =4.0.1, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.7.4-SNAPSHOT-35e64fa - com.bisnode.kafka.authorizat...

Under the Radar: Exploring Spring Boot Actuator Misconfigurations

Wiz Threat Research investigates misconfigurations in Spring Boot Actuator’s endpoints that can leak environment variables, passwords, and API keys, and even lead to remote code execution...

Exploit for CVE-2024-38819

CVE-2024-38819: Proof of Concept PoC This is a proof of con...

Introducing Spring AI Amazon Bedrock Nova Integration via Converse API

The Amazon Bedrock Nova models represent a new generation of foundation models supporting a broad range of use cases, from text and image understanding to video-to-text analysis. With the Spring AI Bedrock Converse API integration, developers can seamlessly connect to these advanced Nova models a...

A Bootiful Podcast: Spring Security lead Rob Winch on the amazing Spring Security 6.4 release

Hi, Spring fans! In this installment, we'll talk to the amazing Rob Winch, lead of Spring Security 6.4, about the jam-packed new release! spring springboot security java...