Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

EUVD
EUVDadded yesterday4 views

EUVD-2026-38596

Spring Statemachine's Kryo-based persistence backends JPA, MongoDB, Redis and ZooKeeper deserialise persisted state-machine contexts without enforcing a class allowlist CWE-502, deserialisation of untrusted data, which can lead to remote code execution inside the application JVM. Affected version...

8.8CVSS6.5AI score
Exploits0References1
CVE
CVEadded yesterday17 views

CVE-2026-41862

CVE-2026-41862 affects Spring Statemachine Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) which deserialize persisted StateMachineContext without a class allowlist. This can enable a gadget chain leading to remote code execution inside the application JVM. Affected versions a...

8.8CVSS6.5AI score
Exploits0References1
Spring Security Advisories
Spring Security Advisoriesadded 2023/10/31 12:0 a.m.16 views

This Week in Spring - October 31st, 2023

Hi Spring fans, and Happy Halloween from the Spring team to those who celebrate! I hope your evening is fun and your day free of scary bugs! My friends, we've got some interesting stuff to look at this week so let's dive right into it. A Bootiful Podcast: Mr. Spring in Action, Craig Walls Spring...

7.4AI score
Exploits0
Rows per page
Query Builder