28 matches found

EUVD
added 7 hours ago, 4 views

EUVD-2026-35892

Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring Data MongoDB 5.0.0...

5.9 CVSS, 5.5 AI score
Exploits: 0, References: 2

EUVD
added 7 hours ago, 3 views

EUVD-2026-35900

Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions: Spring Data MongoDB 5.0.0...

8.1 CVSS, 5.5 AI score
Exploits: 0, References: 2

NVD
added 7 hours ago, 5 views

CVE-2026-41717

Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions: Spring Data MongoDB 5.0.0...

8.1 CVSS
Exploits: 0, References: 1

Cvelist
added yesterday, 5 views

CVE-2026-41717 Spring Data MongoDB - SpEL Expression Injection via Annotated Query Parameter Binding

Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions: Spring Data MongoDB 5.0.0...

8.1 CVSS
Exploits: 0, References: 1

CVE
added yesterday, 7 views

CVE-2026-41717

Spring Data MongoDB contains a SpEL expression injection vulnerability in parameter binding for user-defined repository queries annotated with @Query using a capture-all placeholder. Affected versions include 5.0.0–5.0.5; 4.5.0–4.5.11; 4.4.0–4.4.14; 4.3.0–4.3.16; 4.2.0–4.2.15; 4.1.0–4.1.14; 4.0.0...

8.1 CVSS, 5.5 AI score
Exploits: 0, References: 1

Cvelist
added yesterday, 6 views

CVE-2026-41696 Spring Data MongoDB Bind Parameter Literal Quoting Breakout

Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring Data MongoDB 5.0.0...

5.9 CVSS
Exploits: 0, References: 1

CVE
added yesterday, 5 views

CVE-2026-41696

Spring Data MongoDB CVE-2026-41696 affects multiple versions (5.0.0–5.0.5; 4.5.0–4.5.11; 4.4.0–4.4.14; 4.3.0–4.3.16; 4.2.0–4.2.15; 4.1.0–4.1.14; 4.0.0–4.0.15; 3.4.0–3.4.19). The issue is insufficient validation of bound parameters in repository query methods annotated with @Query that use regex b...

5.9 CVSS, 5.5 AI score
Exploits: 0, References: 1

Positive Technologies
added yesterday, 5 views

PT-2026-48319

Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions: Spring Data MongoDB 5.0.0...

8.1 CVSS, 5.5 AI score
Exploits: 0, References: 2

GithubExploit
added 2026/02/18 10:21 a.m., 140 views

Exploit for Expression Language Injection in Vmware Spring_Data_Mongodb

SpringData - SpEL RCE Exploit - CVE-2022-22980 Exploit pour l...

9.8 CVSS, 5.6 AI score, 0.83316 EPSS
Exploits: 3

IBM Security Bulletins
added 2024/03/22 4:5 p.m., 32 views

Security Bulletin: Vulnerability in Spring Data MongoDB might affect IBM Storage Copy Data Management. [CVE-2022-22980]

Summary IBM Storage Copy Data Management can be affected by a vulnerability in Spring Data MongoDB. A remote attacker could exploit this vulnerability to execute arbitrary code on the system as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-2298...

9.8 CVSS, 9.6 AI score, 0.83316 EPSS
Exploits: 3, Affected Software: 1

IBM Security Bulletins
added 2022/11/28 7:52 p.m., 44 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in Node.js and Spring Data MongoDB

Summary IBM Planning Analytics Workspace is affected by vulnerabilities in Node.js and Spring Data MongoDB CVE-2022-32212, CVE-2022-32213, CVE-2022-32223, CVE-2022-32214, CVE-2022-32222, CVE-2022-32215, CVE-2022-22980 Vulnerability Details CVEID:CVE-2022-32212 DESCRIPTION: Node.js could allow a...

9.8 CVSS, 8.7 AI score, 0.86472 EPSS
Exploits: 8, Affected Software: 1

Spring Engineering
added 2022/07/26 7:0 a.m., 28 views

This Week in Spring - July 26th, 2022

Aloha, Spring fans! I'm on vacation, reporting to you from the paradise-like island of Maui, Hawaii, and hoping that you're having a wonderful day! My family and I love Hawaii. It's brimming with beauty and serenity, and while the island of Maui, in the state of Hawaii, is very small, the islands ar...

7.2 AI score
Exploits: 0

RedhatCVE
added 2022/06/30 6:35 p.m., 45 views

CVE-2022-22980

A flaw was found in the Spring Data MongoDB. This flaw allows an attacker to perform code injection when an application uses some annotations/query methods with Spring Expression Language (SpEL) expressions...

9.8 CVSS, 3.6 AI score, 0.83316 EPSS
Exploits: 3, References: 3

vulnersOsv
added 2022/06/24 12:0 a.m., 5 views

cn.airfei.air-core:core (=3.0.0), com.alpactech:mt-mongo (=1.0.0) +40 more potentially affected by CVE-2022-22980 via org.springframework.data:spring-data-mongodb (=3.4.0)

org.springframework.data:spring-data-mongodb MAVEN version =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.data:spring-data-mongodb and may be impacted: - cn.airfei.air-core:core =3.0.0 - com.alpactech:mt-mongo =1.0.0 -...

9.8 CVSS, 7.1 AI score, 0.83316 EPSS
Exploits: 3

vulnersOsv
added 2022/06/24 12:0 a.m., 1 views

ai.platon.commons:distributed-lock-example (>=1.4.2 <=1.4.3), ai.platon.commons:distributed-lock-mongo (>=1.4.2 <=1.4.3) +1242 more potentially affected by CVE-2022-22980 via org.springframework.data:spring-data-mongodb (>=1.0.0.RELEASE <=3.3.4)

org.springframework.data:spring-data-mongodb MAVEN version =1.0.0.RELEASE, =1.4.2, =1.4.2, =1.6.6, =1.6.6, =0.0.1, =0.0.1, =0.9.1, =0.1.0, =0.1.0, =3.0.0.RELEASE, =1.1.13, =2.0.2 and more Source cves: CVE-2022-22980 Source advisory: OSV:GHSA-W24X-87MR-4R23...

9.8 CVSS, 7.1 AI score, 0.83316 EPSS
Exploits: 3

Github Security Blog
added 2022/06/24 12:0 a.m., 36 views

SpEL Injection in Spring Data MongoDB

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...

9.8 CVSS, 3.9 AI score, 0.83316 EPSS
Exploits: 3, References: 3, Affected Software: 1

OSV
added 2022/06/24 12:0 a.m., 1 views

GHSA-W24X-87MR-4R23 SpEL Injection in Spring Data MongoDB

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...

9 CVSS, 7.1 AI score, 0.83316 EPSS
Exploits: 3, References: 2

OSV
added 2022/06/23 5:15 p.m., 38 views

CVE-2022-22980

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...

9.8 CVSS, 6.9 AI score, 0.83316 EPSS
Exploits: 3, References: 1

NVD
added 2022/06/23 5:15 p.m., 22 views

CVE-2022-22980

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...

9.8 CVSS, 0.83316 EPSS
Exploits: 3, References: 1

ATTACKERKB
added 2022/06/23 5:15 p.m., 2 views

CVE-2022-22980

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...

9.8 CVSS, 7.2 AI score, 0.83316 EPSS
Exploits: 3, References: 2