1164 matches found

EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2023-2816

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.1, EPSS 0.00402
Exploits 0, References 5
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2023-1423

Malicious code in bioql PyPI...

CVSS 6.3, AI score 6.3, EPSS 0.00461
Exploits 0, References 5
CNNVD
added 2025/09/27 12:00 a.m., 4 views

CicadasCMS code injection vulnerability

CicadasCMS is a content management framework based on SpringBoot Mybatis SpringSecurity Vue developed by westboy individual developers in China. A code injection vulnerability exists in CicadasCMS version 1.0, which originates from the incorrect operation of the parameter categoryName in the file...

CVSS 4.8, AI score 4.3, EPSS 0.00036
Exploits 1, References 5
vulnersOsv
added 2025/09/16 3:32 p.m., 5 views

be.jidoka:jdk-keycloak-admin (=2.5.0), br.com.consultdg:database-module (>=1.0.1 <=1.0.10) +887 more potentially affected by CVE-2025-41248 via org.springframework.security:spring-security-core (>=6.4.0 <=6.4.1)

org.springframework.security:spring-security-core MAVEN version =6.4.0, =1.0.1, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =0.0.69, =0.0.35, =3.4.0.2 and more Source cves: CVE-2025-41248 Source advisory: OSV:GHSA-8V5Q-RHF3-JPHM...

CVSS 7.5, AI score 7.3, EPSS 0.0009
Exploits 0
vulnersOsv
added 2025/09/16 3:32 p.m., 3 views

br.com.archbase:archbase-annotation-processor (>=2.0.0 <=2.1.17), br.com.archbase:archbase-app-framework (>=2.0.0 <=2.1.17) +2103 more potentially affected by CVE-2025-41248 via org.springframework.security:spring-security-core (>=6.5.0 <=6.5.3)

org.springframework.security:spring-security-core MAVEN version =6.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.17 and more Source cves: CVE-2025-41248 Source advisory: OSV:GHSA-8V5Q-RHF3-JPHM...

CVSS 7.5, AI score 7.3, EPSS 0.0009
Exploits 0
vulnersOsv
added 2025/09/16 3:32 p.m., 5 views

br.com.archbase:archbase-annotation-processor (>=2.0.0 <=2.1.17), br.com.archbase:archbase-app-framework (>=2.0.0 <=2.1.17) +2103 more potentially affected by CVE-2025-41248 via org.springframework.security:spring-security-core (>=6.5.0 <=6.5.3)

org.springframework.security:spring-security-core MAVEN version =6.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.17 and more Source cves: CVE-2025-41248 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKSECURITY-128178...

CVSS 7.5, AI score 7.3, EPSS 0.0009
Exploits 0
Github Security Blog
added 2025/09/16 3:32 p.m., 8 views

Spring Security annotation detection mechanism has authorization bypass

The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization...

CVSS 7.5, AI score 6.9, EPSS 0.0009
Exploits 0, References 9, Affected Software 1
Snyk
added 2025/09/16 3:32 p.m., 4 views

Incorrect Authorization

Overview org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Incorrect Authorization via the annotation detection mechanism when resolving annotations on methods within type...

CVSS 8.7, AI score 6.8, EPSS 0.0009
Exploits 0, References 2
OSV
added 2025/09/16 3:32 p.m., 3 views

GHSA-8V5Q-RHF3-JPHM Spring Security annotation detection mechanism has authorization bypass

The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization...

CVSS 7.5, AI score 6.8, EPSS 0.0009
Exploits 0, References 9
NCSC
added 2025/09/16 1:38 p.m., 5 views

Vulnerabilities fixed in Spring Framework

VMWare has fixed vulnerabilities in the Spring Security framework. The vulnerabilities are in the way the Spring Security framework detects annotations, particularly in type hierarchies that use parameterized supertypes with unlimited generics. This can lead to authorization bypassing when using...

CVSS 7.5, AI score 6.9, EPSS 0.00112
Exploits 0, References 1
Vulnrichment
added 2025/09/16 10:10 a.m., 2 views

CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types

The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization...

CVSS 7.5, AI score 6.5, EPSS 0.0009
Exploits 0, References 1
Cvelist
added 2025/09/16 10:10 a.m., 6 views

CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types

The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization...

CVSS 7.5, EPSS 0.0009
Exploits 0, References 1
CVE
added 2025/09/16 10:10 a.m., 46 views

CVE-2025-41248

The connected IBM security bulletins confirm CVE-2025-41248 is a Spring Framework annotation resolution issue affecting methods in type hierarchies with parameterized unbounded generics, potentially bypassing authorization when using EnableMethodSecurity (e.g., @PreAuthorize). Remediation via IBM...

CVSS 7.5, AI score 6.1, EPSS 0.0009
Exploits 0, References 1
CNNVD
added 2025/09/16 12:00 a.m., 1 view

Spring Security security vulnerability

Spring Security is a Spring open source security framework with authentication and authorization capabilities. A security vulnerability exists in Spring Security that stems from the annotation detection mechanism not being able to correctly resolve annotations for methods in generic superclasses,...

CVSS 7.5, AI score 8.6, EPSS 0.0009
Exploits 0, References 5
Positive Technologies
added 2025/09/15 12:00 a.m., 3 views

PT-2025-37862

Name of the Vulnerable Software and Affected Versions Spring Framework affected versions not specified Description The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type. This can lead to an...

CVSS 7.5, AI score 6.3, EPSS 0.00112
Exploits 0, References 33
Positive Technologies
added 2025/09/15 12:00 a.m., 2 views

PT-2025-37861

Name of the Vulnerable Software and Affected Versions Spring Framework affected versions not specified Description The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type. This can lead to an...

CVSS 7.8, AI score 7.3, EPSS 0.0009
Exploits 0, References 31
Spring Engineering
added 2025/09/11 12:00 a.m., 2 views

Spring Authorization Server moving to Spring Security 7.0

Spring Authorization Server has come a long way since 1.0 was officially released in November 2022. Starting as a project separate from Spring Security has allowed it to iterate quickly on feature development and ultimately grow a rich feature set for building OAuth2 Authorization Servers. It ha...

AI score 6.8
Exploits 0
Spring Engineering
added 2025/09/09 12:00 a.m., 1 view

Access API Moves to Spring Security Access

Five years ago, Spring Security began the journey of modernizing its authorization API. This has paved the way for a number of exciting features like Authorized POJOs, value masking, and, planned for Spring Security 7, Multi-Factor Authentication. This also deprecated the majority of the Access...

AI score 6.9
Exploits 0
IBM Security Bulletins
added 2025/09/01 2:53 p.m., 7 views

Security Bulletin: EndpointRequest.to() creates a matcher for null/** if the actuator endpoint is disabled or not exposed, which affects IBM watsonx.data

Summary EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security EndpointRequest.to has been used i...

CVSS 7.3, AI score 6.6, EPSS 0.00181
Exploits 0, Affected Software 1
Tenable Nessus
added 2025/08/31 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-31690

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certai...

CVSS 8.1, AI score 7.8, EPSS 0.00313
Exploits 0, References 2