CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

184 matches found

CVE•added 2026/03/19 11:37 p.m.•20 views

CVE-2026-22735

CVE-2026-22735 affects Spring MVC and Spring WebFlux applications via Server-Sent Events (SSE) stream handling. Concrete details in the connected documents show impact on Spring Framework components: Spring Foundation versions 5.3.0–5.3.46, 6.1.0–6.1.25, 6.2.0–6.2.16, and 7.0.0–7.0.5 experience s...

2.6CVSS5.8AI score0.00092EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/03/19 11:37 p.m.•3 views

CVE-2026-22735

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events SSE. This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...

2.6CVSS5.8AI score0.00092EPSS

Exploits0References2Affected Software1

Debian CVE•added 2026/03/19 11:37 p.m.•2 views

CVE-2026-22735

2.6CVSS4.7AI score0.00092EPSS

Exploits0

IBM Security Bulletins•added 2026/03/02 8:30 a.m.•9 views

Security Bulletin: Multiple vulnerabilites in IBM Rational Build Forge.

Summary IBM Rational Build Forge 8.0.0.29 addresses multiple vulnerabilites Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and i...

9.4CVSS6.9AI score0.2051EPSS

Exploits6Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-4399

Malware in sbrugna...

9.9CVSS9AI score0.00511EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-3041

Malicious code in bioql PyPI...

7.5CVSS6.9AI score0.00846EPSS

Exploits0References7

EUVD•added 2025/10/03 8:7 p.m.•5 views

EUVD-2024-0410

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01539EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-3320

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00076EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-2990

Malicious code in bioql PyPI...

6.5CVSS6.9AI score0.00282EPSS

Exploits0References7

NVD•added 2025/08/18 9:15 a.m.•5 views

CVE-2025-41242

Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true: the application is deployed as a WAR or with an embedded Servlet container the Servlet...

5.9CVSS0.05222EPSS

Exploits0References1

Vulnrichment•added 2025/08/18 8:47 a.m.•4 views

CVE-2025-41242 CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers

5.9CVSS7.2AI score0.05222EPSS

Exploits0References1

Cvelist•added 2025/08/18 8:47 a.m.•6 views

CVE-2025-41242 CVE-2025-41242: Path traversal vulnerability on non-compliant Servlet containers

5.9CVSS0.05222EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 2:21 a.m.•8 views

CVE-2023-34035

Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchersString and multiple servlets, one of them being Spring MVC’s DispatcherServlet. DispatcherServlet is a Spring...

7.3CVSS6.6AI score0.02632EPSS

Exploits1References1

IBM Security Bulletins•added 2025/03/21 6:42 p.m.•15 views

Security Bulletin: Rational Test Virtualization Server and Rational Test Workbench are vulnerable to denial of service due to Spring MVC (CVE-2024-38828)

Summary Rational Test Control Panel RTCP component of Rational Test Virtualization Server and Rational Test Workbench uses Spring MVC which is vulnerable to a denial of service attack CVE-2024-38828. Vulnerability Details CVEID:CVE-2024-38828 DESCRIPTION: Spring MVC controller methods with an...

5.3CVSS8.3AI score0.00076EPSS

Exploits0Affected Software2

Tenable Nessus•added 2025/03/05 12:0 a.m.•11 views

Linux Distros Unpatched Vulnerability : CVE-2024-38828

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring MVC controller methods with an @RequestBody byte method parameter are vulnerable to a DoS attack. CVE-2024-38828 Note that Nessus relies on the presence ...

5.3CVSS6.8AI score0.00076EPSS

Exploits0References3

Spring Engineering•added 2024/11/26 12:0 a.m.•8 views

This Week in Spring - November 26th, 2024

This Week in Spring - November 26th, 2024 Hi, Spring fans! Welcome to another installment of This Week in Spring! Happy Spring Boot 3.4 release month to those who celebrate! And, also, Happy Thanksgiving to those who celebrate! Spring Boot 3.4 brings with it long-anticipated updates to the entire...

7.1AI score

Exploits0