71 matches found
Security Bulletin: Multiple vulnerabilities found in CICS Transaction Gateway Desktop Edition.
Summary Multiple vulnerabilities have been found in CICS Transaction Gateway Desktop Edition due to the use of Apache Tomcat Embed, Spring Web MVC, Spring Boot, Spring Core, Spring Context, SnakeYAML, Spring Beans, Logback Classic and Logback Core. The Apache Tomcat Embed, Spring Web MVC, Spring...
ROOT-APP-MAVEN-CVE-2026-41845 CVE-2026-41845 in io.root.org.springframework:spring-core - Patched by Root
Root has patched CVE-2026-41845 in the io.root.org.springframework:spring-core package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-41249 CVE-2025-41249 in io.root.org.springframework:spring-core - Patched by Root
Root has patched CVE-2025-41249 in the io.root.org.springframework:spring-core package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-AIKIDO-2026-11158 AIKIDO-2026-11158 in io.root.org.springframework:spring-core - Patched by Root
Root has patched AIKIDO-2026-11158 in the io.root.org.springframework:spring-core package for Root:Maven. Multiple fixed versions available...
ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +8632 more potentially affected by CVE-2026-41851 via org.springframework:spring-core (>=7.0.0-M1 <=7.0.7)
org.springframework:spring-core MAVEN version =7.0.0-M1, =0.1.0, =0.1.0, =4.5.0, =4.7.11, =4.5.0, =4.5.0, =4.3.0, =4.3.0, =4.3.0, =4.7.0, =4.7.4, =4.7.4, =4.3.0, =4.7.0, =4.5.0, =4.6.0 and more Source cves: CVE-2026-41851 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-17255206...
ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +8632 more potentially affected by CVE-2026-41848 via org.springframework:spring-core (>=7.0.0-M1 <=7.0.7)
org.springframework:spring-core MAVEN version =7.0.0-M1, =0.1.0, =0.1.0, =4.5.0, =4.7.11, =4.5.0, =4.5.0, =4.3.0, =4.3.0, =4.3.0, =4.7.0, =4.7.4, =4.7.4, =4.3.0, =4.7.0, =4.5.0, =4.6.0 and more Source cves: CVE-2026-41848 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-17254051...
africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-application (>=1.0.0 <=1.2.0) +31266 more potentially affected by CVE-2026-41851 via org.springframework:spring-core (>=5.3.0 <=5.3.9)
org.springframework:spring-core MAVEN version =5.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.0 and more Source cves: CVE-2026-41851 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-17255206...
africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-application (>=1.0.0 <=1.2.0) +31266 more potentially affected by CVE-2026-41848 via org.springframework:spring-core (>=5.3.0 <=5.3.9)
org.springframework:spring-core MAVEN version =5.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.0 and more Source cves: CVE-2026-41848 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-17254051...
ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +23855 more potentially affected by CVE-2026-41851 via org.springframework:spring-core (>=6.1.0 <=6.2.18)
org.springframework:spring-core MAVEN version =6.1.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0 -...
ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +23855 more potentially affected by CVE-2026-41848 via org.springframework:spring-core (>=6.1.0 <=6.2.18)
org.springframework:spring-core MAVEN version =6.1.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0 -...
Regular Expression Denial of Service (ReDoS)
Overview org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via pattern processing in AntPathMatcher. An attacker can cause denia...
Allocation of Resources Without Limits or Throttling
Overview org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via caching of parsed Spring Expression Language SpEL...
Denial Of Service (DoS)
Spring Core is vulnerable to Denial of Service DoS. The vulnerability is due to inefficient handling of static resource resolution on Windows file systems, where specially crafted requests can take excessive time to process and hold HTTP connections open, leading to resource exhaustion and servic...
Allocation of Resources Without Limits or Throttling
Overview org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via static resource resolution. An attacker can cause denia...
ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +7260 more potentially affected by CVE-2026-22745 via org.springframework:spring-core (>=7.0.0-M1 <=7.0.6)
org.springframework:spring-core MAVEN version =7.0.0-M1, =0.1.0, =0.1.0, =4.5.0, =4.7.11, =4.5.0, =4.5.0, =4.3.0, =4.3.0, =4.3.0, =4.7.0, =4.7.4, =4.7.4, =4.3.0, =4.7.0, =4.5.0, =4.6.0 and more Source cves: CVE-2026-22745 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-16109618...
ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +27766 more potentially affected by CVE-2026-22745 via org.springframework:spring-core (>=6.0.0 <=6.2.17)
org.springframework:spring-core MAVEN version =6.0.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0 -...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in spring-core (CVE-2025-41249)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-41249 of spring-core-6.2.6.jar. Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a...
Security Bulletin: Vulnerability in spring-core affects IBM Netezza Appliance
Summary The spring-core package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-41249 Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods...
Improper Authorization
org.springframework, spring-core is vulnerable to improper authorization. The vulnerability is due to incorrect annotation resolution on methods within type hierarchies that use unbounded generics, which allows an attacker to bypass security checks when Spring Security’s @EnableMethodSecurity...
Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to CVEs.
Summary IBM Maximo Application Suite uses "eventlet-0.39.0-py3-none-any.whl, commons-lang3-3.17.0.jar, spring-core-6.2.10.jar" which is vulnerable to "CVE-2025-58068, CVE-2025-48924, CVE-2025-41249". This bulletin contains information regarding the vulnerability and how it is addressed...