1241 matches found
Default Security Bypass
Spring Boot is vulnerable to Default Security Bypass. The vulnerability is due to Spring Boot's default web security being ineffective, where an application with no Spring Security configuration and relying on the default web security filter chain can allow unauthorized access to all endpoints, a...
Improper Control Of Temporary Directory Access
org.springframework.boot, spring-boot is vulnerable to improper control of temporary directory access. The vulnerability is due to inadequate ownership verification of the ApplicationTemp directory when persistent sessions are enabled, which allows a local attacker to gain control of the director...
Improper SSL Hostname Verification
org.springframework.boot, spring-boot-elasticsearch is vulnerable to improper SSL hostname verification. The vulnerability is due to missing hostname verification in SSL bundle configuration, which allows an attacker to perform man-in-the-middle attacks by connecting to a malicious Elasticsearch...
Weak Random Value Generation For Secrets (weak PRNG)
Spring Boot is vulnerable to the use of a weak pseudo-random number generator PRNG. The vulnerability is due to the use of predictable random value sources e.g., $random.value, $random.int, $random.long, which allows an attacker to guess or brute-force generated secrets and compromise application...
CVE-2026-40977
A flaw was found in Spring Boot when an application is configured to use ApplicationPidFileWriter. A local attacker with write access to the PID file's location can exploit this vulnerability to corrupt one arbitrary file on the host each time the application is started. This can lead to data...
Timing Attack
org.springframework.boot, spring-boot-devtools is vulnerable to a timing attack. The vulnerability is due to insecure comparison of the DevTools remote secret, which allows an attacker on the same network to exploit timing differences to guess the secret and potentially achieve remote code...
Linux Distros Unpatched Vulnerability : CVE-2026-40970
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch...
CVE-2026-40970
A flaw was found in Spring Boot. When configured to use an SSL Secure Sockets Layer bundle, the Elasticsearch auto-configuration component does not perform hostname verification when establishing a connection to the Elasticsearch server. An attacker on an adjacent network could exploit this by...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4Shell Security Lab — nginx + Coraza WAF Mục đích giáo...
GHSA-8V8J-3HXP-93WR Spring Boot's default security filter chain has no authorization rule with Actuator but without Health
In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter...
Spring Boot's default security filter chain has no authorization rule with Actuator but without Health
In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter...
Spring Boot's Cassandra SSL auto-configuration disables TLS hostname verification
Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15 fix 3.4.16, 3.3.0–3.3.18 fix 3.3.19, 2.7.0–2.7.32 fix 2.7.33; Cassandra SSL...
ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +4797 more potentially affected by CVE-2026-40973 via org.springframework.boot:spring-boot (>=4.0.0 <=4.0.5)
org.springframework.boot:spring-boot MAVEN version =4.0.0, =0.1.0, =0.1.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0-beta-2 and more Source cves: CVE-2026-40973 Source advisory: OSV:GHSA-WWPQ-F5C3-7HVX...
ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +5567 more potentially affected by CVE-2026-40973 via org.springframework.boot:spring-boot (>=3.5.0 <=3.5.13)
org.springframework.boot:spring-boot MAVEN version =3.5.0, =0.1.0, =0.1.0, =0.8.0, =0.7.0, =0.7.0, =0.8.0, =0.7.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.6 and more Source cves: CVE-2026-40973 Source advisory: OSV:GHSA-WWPQ-F5C3-7HVX...
GHSA-5368-6H4H-GR29 Spring Boot's PID file write follows symlinks at predictable default path
When an application is configured to use ApplicationPidFileWriter, a local attacker with write access to the PID file's location can corrupt one file on the host each time the application is started. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15 fix 3.4.16,...
com.devskiller.friendly-id:friendly-id-openfeign (>=2.0.0-alpha3 <=2.0.0-beta5), io.github.bluetape4k:bluetape4k-spring-boot4-cassandra (>=1.5.0 <=1.7.0) +18 more potentially affected by CVE-2026-40977 via org.springframework.boot:spring-boot-cassandra (>=4.0.0 <=4.0.5)
org.springframework.boot:spring-boot-cassandra MAVEN version =4.0.0, =2.0.0-alpha3, =1.5.0, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.5 - org.springframework.boot:spring-boot-starter-data-cassan...
ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +4797 more potentially affected by CVE-2026-40976 via org.springframework.boot:spring-boot (>=4.0.0 <=4.0.5)
org.springframework.boot:spring-boot MAVEN version =4.0.0, =0.1.0, =0.1.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0-beta-2 and more Source cves: CVE-2026-40976 Source advisory: OSV:GHSA-8V8J-3HXP-93WR...
ai.driftkit:driftkit-audio-core (>=0.5.0 <=0.8.3), ai.driftkit:driftkit-audio-spring-boot-starter (>=0.5.0 <=0.8.7) +4987 more potentially affected by CVE-2026-40973 via org.springframework.boot:spring-boot (>=3.3.0 <=3.3.13)
org.springframework.boot:spring-boot MAVEN version =3.3.0, =0.5.0, =0.5.0, =0.5.0, =0.5.8, =0.5.0, =0.5.7, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.5.0, =0.5.0, =0.7.9, =0.6.0, =0.6.0, =0.8.7 and more Source cves: CVE-2026-40973 Source advisory: OSV:GHSA-WWPQ-F5C3-7HVX...
ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.114.0 <=0.120.0), ai.ancf.lmos:arc-memory-mongo-spring-boot-starter (>=0.114.0 <=0.120.0) +4709 more potentially affected by CVE-2026-40973 via org.springframework.boot:spring-boot (>=3.4.0 <=3.4.13)
org.springframework.boot:spring-boot MAVEN version =3.4.0, =0.114.0, =0.114.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.17.0, =1.17.0, =1.17.0, =0.0.1, =0.0.1, =0.25.7-rc.64, =0.25.7-rc.68 and more Source cves: CVE-2026-40973 Source advisory: OSV:GHSA-WWPQ-F5C3-7HVX...
GHSA-M4X9-HX6X-2C43 Spring Boot's random value property source uses a weak PRNG unsuitable for secrets
Values produced by $random.value are not suitable for use as secrets. $random.uuid is not affected. $random.int and $random.long should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15...