CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 4 hours ago•3 views

EUVD-2026-35905

Spring Data REST's JSON Patch application/json-patch+json implementation does not apply the write-access filter to intermediate path segments when resolving a multi-segment JSON Pointer. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0...

7.5CVSS5.5AI score

EUVD•added 4 hours ago•2 views

EUVD-2026-35907

Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through...

5.3CVSS5.5AI score

EUVD•added 4 hours ago•3 views

EUVD-2026-35910

Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14;...

5.3CVSS5.6AI score

NVD•added 4 hours ago•3 views

CVE-2026-41837

NVD•added 4 hours ago•3 views

CVE-2026-41730

NVD•added 4 hours ago•4 views

CVE-2026-41728

7.5CVSS

NVD•added 4 hours ago•3 views

CVE-2026-41729

8.1CVSS

Cvelist•added yesterday•5 views

CVE-2026-41837 Spring Data REST Querydsl integration exposes Jackson-hidden persistent fields as filter keys

CVE•added yesterday•4 views

CVE-2026-41837

CVE-2026-41837 impacts Spring Data REST where the Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not apply Jackson customizations before passing them to Querydsl. Affected versions include Spring Data REST 3.7.0–3.7.19; 4.3.0–4.3.16; 4.4...

5.3CVSS5.6AI score

Cvelist•added yesterday•6 views

CVE-2026-41730 Spring Data REST exposes persistence-layer internals in error responses

CVE•added yesterday•5 views

CVE-2026-41730

Spring Data REST is the affected component. The CVE describes that it serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence‑layer internals to HTTP clients. Affected versions include Spring Data REST 3.7.0–3.7.19; 4.3.0–4.3.16; 4.4.0–4.4.14; 4...

5.3CVSS5.5AI score

CVE•added yesterday•6 views

CVE-2026-41729

CVE-2026-41729 : Spring Data REST is vulnerable to SpEL expression injection via map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-typed property, the JSON Pointer path segment used as the map key is embedded directly in...

8.1CVSS5.5AI score

Cvelist•added yesterday•7 views

CVE-2026-41729 Spring Data REST SpEL Injection via Map Key in JSON Patch

8.1CVSS

Cvelist•added yesterday•6 views

CVE-2026-41728 Spring Data REST JSON Patch bypasses Jackson read-only property protection on nested objects and collections

7.5CVSS

CVE•added yesterday•6 views

CVE-2026-41728

Spring Data REST is affected by CVE-2026-41728 due to its JSON Patch (application/json-patch+json) handling not applying the write-access filter to intermediate path segments when resolving multi-segment JSON Pointers. Affected versions include Spring Data REST 3.7.0–3.7.19; 4.3.0–4.3.16; 4.4.0–4...

7.5CVSS5.5AI score