UBUNTU-CVE-2026-22735

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events SSE. This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...

Spring Framework 安全漏洞

The Spring Framework is an application development framework developed by Spring in open source. There are security vulnerabilities in Spring Framework versions 7.0.5 and earlier, 6.2.16 and earlier, 6.1.25 and earlier, and 5.3.46 and earlier. These vulnerabilities stem from the use of Java scrip...

CVE-2026-22737 Spring Framework Improper Path Limitation with Script View Templates

Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...

CVE-2026-22737

CVE-2026-22737 affects Spring Framework components that render script template views via a Java scripting engine (e.g., JRuby, Jython) in Spring MVC and Spring WebFlux. The issue allows disclosure of content from files outside configured script template view locations due to the scripting engine ...

CVE-2026-22737 Spring Framework Improper Path Limitation with Script View Templates

Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...

CVE-2026-22735 Server Sent Event stream corruption

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events SSE. This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...

acegisecurity:acegi-security (=0.7.0), acegisecurity:acegi-security-cas (=0.7.0) +5 more potentially affected by CVE-2026-22735 via springframework:spring-web (>=1.0.1 <=1.2.1)

springframework:spring-web MAVEN version =1.0.1, =1.0-rc2, =1.0-rc3 Source cves: CVE-2026-22735 Source advisory: SNYK:JAVA-SPRINGFRAMEWORK-15701758...

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection'. The vulnerability exists in the handling of Server-Sent Events SSE when streaming plain text data. An attacker can inject crafted data int...

acegisecurity:acegi-security (=0.7.0), acegisecurity:acegi-security-cas (=0.7.0) +4 more potentially affected by CVE-2026-22735 via springframework:spring-webmvc (>=1.1.3 <=1.2.1)

springframework:spring-webmvc MAVEN version =1.1.3, =1.0-rc2, =1.0-rc3 Source cves: CVE-2026-22735 Source advisory: SNYK:JAVA-SPRINGFRAMEWORK-15701757...

PT-2026-26455

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.5 Spring Framework versions 6.2.0 through 6.2.16 Spring Framework versions 6.1.0 through 6.1.25 Spring Framework versions 5.3.0 through 5.3.46 Description The use of Java scripting engine enabled...

Exploit for Code Injection in Vmware Spring_Framework

CVE-2022-22965 · Spring4Shell 취약점 교육 실습 ⚠️ 경고 Warning...

com.alibaba.cloud.ai:spring-ai-alibaba-analyticdb-store (=2.0.0-M1.1), com.alibaba.cloud.ai:spring-ai-alibaba-autoconfigure-dashscope (=2.0.0-M1.1) +83 more potentially affected by CVE-2026-22729 via org.springframework.ai:spring-ai-vector-store (>=2.0.0-M1 <=2.0.0-M2)

org.springframework.ai:spring-ai-vector-store MAVEN version =2.0.0-M1, =2.0.0-M2 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.ai:spring-ai-vector-store and may be impacted: - com.alibaba.cloud.ai:spring-ai-alibaba-analyticdb-stor...

This Week in Spring - March 9th, 2026

Hi Spring fans! Welcome to another rip-roaring installment of This Week in Spring! I'm writing this in an Uber en route to the airport to get to awsome Atlanta, GA, for Devnexus 2026! Who's goin'? You goin'? We - the Spring team - will be there in force! Come say hi at the boothes or come see our...

Exploit for Code Injection in Vmware Spring_Framework

🚨 CVE-2022-22965 - "Spring4Shell" !CVEhttps://img.shield...

Optimizations in Spring MVC

Spring Fruits Benchmark Abstract Benchmarks are tricky to do well, and the results are often hard to interpret. This analysis attempts to go beyond a simple headline number to explore how performance varies with data set size. The results show that while results might be disappointing for a given...

Exploit for Code Injection in Vmware Spring_Framework

ДЗ 10 — Python для аналитиков ИБ: эксплойты Описание уязви...

Atlassian Confluence 7.19.x < 9.2.14 / 9.2.15 / 9.3.x < 10.2.3 / 10.2.6 (CONFSERVER-102132)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-102132 advisory. - The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized...

This Week in Spring - February 17th, 2026

Hi, Spring fans! Welcome to another rip-roaring installment of This Week in Spring! It's Lunar New Year or Chinese New Year for billions of people around the world and to those who celebrate, Happy Chinese/Lunar New Year 新年快乐! Or Happy Spring Festival 春节快乐! My favorite kind of festival! In honor ...

This Week in Spring - February 10th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's February 10th, 2026, as I write this from lovely London, UK. I spoke at the local Java User Group here last night, had a wonderful time. Tomorrow, I'm going home. It's been fun, but it's time to conclude this roller...

Exploit for Code Injection in Vmware Spring_Framework

No d...