1674 matches found
This Week in Spring - October 21st, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm writing this from the fantastic Vaadin Create conference here in Frankfurt, Germany. What an amazing show and community. Since we last spoke, I have been in Boston; New York city; Sofia, Bulgaria; Krakow, Poland; and now...
spring4shell-poc
s...
Exploit for Code Injection in Vmware Spring_Framework
Python Firewall for Spring4Shell CVE-2022-22965 Mitigation...
GHSA-7FCH-4F2F-JCGM Spring Framework STOMP over WebSocket applications may allow attackers to send unauthorized messages
STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions Spring Framework: 6.2.0 - 6.2.11 6.1.0 - 6.1.23 6.0.x - 6.0.29 5.3.0 - 5.3.45 Older, unsupported versions are also affected...
Spring Framework STOMP over WebSocket applications may allow attackers to send unauthorized messages
STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions Spring Framework: 6.2.0 - 6.2.11 6.1.0 - 6.1.23 6.0.x - 6.0.29 5.3.0 - 5.3.45 Older, unsupported versions are also affected...
CVE-2025-41254
STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and VersionsSpring Framework: 6.2.0 - 6.2.11 6.1.0 - 6.1.23 6.0.x - 6.0.29 5.3.0 - 5.3.45 Older, unsupported versions are also affected...
DEBIAN-CVE-2025-41254
STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and VersionsSpring Framework: 6.2.0 - 6.2.11 6.1.0 - 6.1.23 6.0.x - 6.0.29 5.3.0 - 5.3.45 Older, unsupported versions are also affected...
UBUNTU-CVE-2025-41254
STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and VersionsSpring Framework: 6.2.0 - 6.2.11 6.1.0 - 6.1.23 6.0.x - 6.0.29 5.3.0 - 5.3.45 Older, unsupported versions are also affected...
CVE-2025-41254
CVE-2025-41254 affects Spring Framework STOMP over WebSocket. The vulnerability allows a security bypass to send unauthorized messages. Affected versions are Spring Framework 6.2.0–6.2.11, 6.1.0–6.1.23, 6.0.x–6.0.29, and 5.3.0–5.3.45; older unsupported versions are also affected. Remediation requ...
EUVD-2025-34768
STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and VersionsSpring Framework: 6.2.0 - 6.2.11 6.1.0 - 6.1.23 6.0.x - 6.0.29 5.3.0 - 5.3.45 Older, unsupported versions are also affected...
CVE-2025-41254 Spring Framework STOMP CSRF Vulnerability
STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and VersionsSpring Framework: 6.2.0 - 6.2.11 6.1.0 - 6.1.23 6.0.x - 6.0.29 5.3.0 - 5.3.45 Older, unsupported versions are also affected...
CVE-2025-41254 Spring Framework STOMP CSRF Vulnerability
STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and VersionsSpring Framework: 6.2.0 - 6.2.11 6.1.0 - 6.1.23 6.0.x - 6.0.29 5.3.0 - 5.3.45 Older, unsupported versions are also affected...
CVE-2025-41254
STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and VersionsSpring Framework: 6.2.0 - 6.2.11 6.1.0 - 6.1.23 6.0.x - 6.0.29 5.3.0 - 5.3.45 Older, unsupported versions are also affected...
Spring Framework 安全漏洞
Spring Framework is a Spring open source application development framework. A security vulnerability exists in Spring Framework versions 6.2.0 through 6.2.11, 6.1.0 through 6.1.23, 6.0.x through 6.0.29, and 5.3.0 through 5.3.45, which stems from a possible security bypass in a STOMP over WebSocke...
org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability
The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions...
Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.7 for Spring Boot release.
Red Hat build of Apache Camel 4.10.7 for Spring Boot patch release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Security Bulletin: Multiple vulnerabilities in Spring may affect IBM Business Automation Workflow - CVE-2024-38820, CVE-2025-22233
Summary IBM Business Automation Workflow packages vulnerable copies of Spring framework. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptio...
EUVD-2025-31861
A vulnerability was detected in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/editorderdetails.php. The manipulation of the argument orderid results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by a vulnerability in spring-web-6.2.3.jar(CVE-2025-41234)
Summary IBM Sterling Connect:Direct Web Services is vulnerable to a reflected file download RFD attack in spring-web-6.2.3. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details CVEID:CVE-2025-41234 DESCRIPTION: Description In Spring Framework, versions 6.0.x a...
EUVD-2020-0253
Malware in sbrugna...