Tmall_demo 安全特征问题漏洞

Tmalldemo is a Spring Boot-based mini Tmall by the Xianqi Mall projectteam team. A security feature issue vulnerability exists in Tmalldemo 20250505 and earlier versions, which stems from insufficient random values in the file /tmall/order/pay/...

Tmall_demo 代码注入漏洞

Tmalldemo is a Spring Boot-based mini Tmall by the Xianqi Mall projectteam team. A code injection vulnerability exists in Tmalldemo 20250505 and earlier versions, which stems from a misbehavior of the component Search Box resulting in cross-site scripting...

Tmall_demo 代码问题漏洞

Tmalldemo is a Spring Boot-based mini Tmall by the Xianqi Mall projectteam team. A code issue vulnerability exists in Tmalldemo 20250505 and earlier versions, which stems from the incorrect operation of the parameter File in the file tmall/admin/uploadProductImage, resulting in unlimited uploads...

Tmall_demo 安全漏洞

Tmalldemo is a Spring Boot-based mini Tmall by the Xianqi Mall projectteam team. A security vulnerability exists in Tmalldemo 20250505 and earlier versions, which stems from a cross-site request forgery due to misuse of the file tmall/admin/account/logout...

Tmall_demo 代码注入漏洞

Tmalldemo is a Spring Boot based mini Tmall by the projectteam. Tmalldemo 20250505 and previous versions of the code injection vulnerability, the vulnerability stems from the file /tmall/admin/ in the parameter Product Name/Product Title of the wrong operation leads to cross-site scripting...

Tmall_demo 代码问题漏洞

Tmalldemo is a Spring Boot-based mini Tmall by the Xianqi Mall projectteam team. A code issue vulnerability exists in Tmalldemo 20250505 and earlier versions, which stems from the incorrect operation of the parameter File in the file tmall/admin/uploadCategoryImage, resulting in unlimited uploads...

CVE-2025-46822

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...

CVE-2024-52302

common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper...

CVE-2022-46166

Spring boot admins is an open source administrative user interface for management of spring boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers e.g. Teams-Notifier and write access to environment variables via UI are affected. Users are advised to upgrade to th...

CVE-2022-29001

In SpringBootMovie =1.2, the uploaded file suffix parameter is not filtered, resulting in arbitrary file upload vulnerability...

CVE-2021-21234

spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this librar...

CVE-2021-26987

Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services...

CVE-2020-19704

A stored cross-site scripting XSS vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML...

CVE-2019-9186

In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces instead of listening on only the localhost interface. This issue has bee...

CVE-2025-46822

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...

CVE-2025-46822 Unauthenticated Arbitrary File Read via Absolute Path

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...

CVE-2025-46822

The CVE-2025-46822 entry corresponds to an Arbitrary File Read in OsamaTaher/Java-springboot-codebase prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, caused by insufficient path traversal protections. The vulnerability allows reading internal files via absolute paths at the /api/v1/file...

CVE-2025-46822 Unauthenticated Arbitrary File Read via Absolute Path

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...

CVE-2025-46822 Unauthenticated Arbitrary File Read via Absolute Path

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...

Java-springboot-codebase 信息泄露漏洞

Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects from osama individual developers. A security vulnerability exists in versions prior to Java-springboot-codebase c835c6f, which stems from an insufficient path traversal mechanism that could...