1674 matches found

Vulnrichment · added 2025/06/12 9:14 p.m. · 2 views

CVE-2025-41234 RFD Attack via “Content-Disposition” Header Sourced from Request

Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download RFD attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input...

CVSS 6.5 · AI score 6.6 · EPSS 0.00294
Exploits 0 · References 3
CVE · added 2025/06/12 9:14 p.m. · 216 views

CVE-2025-41234

CVE-2025-41234 : In Spring Framework, versions 6.0.x up to 6.0.28, 6.1.x up to 6.1.20, and 6.2.x up to 6.2.7 are vulnerable to a reflected file download (RFD) attack when a response header uses non-ASCII charset in the filename derived from user input via ContentDisposition.Builder#filename(Strin...

CVSS 6.5 · AI score 6.7 · EPSS 0.00294
Exploits 0 · References 3
CNNVD · added 2025/06/12 12:00 a.m. · 1 view

VMware Spring Framework Security Vulnerability

VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in VMware Spring Framework versions 6.0.5 through 6.2.7, which stems from uncleaned user input in...

CVSS 6.5 · AI score 6 · EPSS 0.00294
Exploits 0 · References 4
Positive Technologies · added 2025/06/12 12:00 a.m. · 2 views

PT-2025-25357 · Unknown · Spring Framework

Name of the Vulnerable Software and Affected Versions: Spring Framework versions 6.0.5 through 6.0.28; Spring Framework versions 6.1.0 through 6.1.20; Spring Framework versions 6.2.0 through 6.2.7. Description: The issue allows remote attackers to launch Reflected File Download (RFD) attacks via...

CVSS 6.5 · AI score 6.3 · EPSS 0.00294
Exploits 0 · References 16
Spring Engineering · added 2025/06/10 12:00 a.m. · 9 views

This Week in Spring - June 10th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's been a busy week indeed since we last spoke! Last week I was in Amsterdam for the IntelliJ IDEA conference and for the JSpring event in Utrecht. Now, I'm in Tokyo, Japan, for the JJUG Spring 2025 event. Importantly: both...

AI score 7.1
Exploits 0
Broadcom · added 2025/06/10 12:00 a.m. · 10 views

Path traversal vulnerability in functional web frameworks (CVE-2024-38819)

Spring Framework is vulnerable to a path traversal issue due to a lack of sufficient sanitization of path sequences processed by the WebMvc.fn or WebFlux.fn functional web frameworks. A remote attacker could submit crafted HTTP requests to an application that serves static resources through the...

CVSS 7.5 · AI score 7.1 · EPSS 0.93188
Exploits 5
OSV · added 2025/05/23 2:00 p.m. · 2 views

OESA-2025-1557 springframework security update

Spring is based on code published in Expert One-on-One J2EE Design and Development by Rod Johnson (Wrox, 2002). It is a layered Java/J2EE application framework. Security Fixes: In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a...

CVSS 6.5 · AI score 7 · EPSS 0.02461
Exploits 0 · References 2
RedhatCVE · added 2025/05/23 1:24 a.m. · 5 views

CVE-2022-43484

TERASOLUNA Global Framework 1.0.0 Public review version and TERASOLUNA Server Framework for Java Rich 2.0.0.2 to 2.0.5.1 are vulnerable to a ClassLoader manipulation vulnerability due to using an old version of Spring Framework which contains the vulnerability. The vulnerability is caused by an...

CVSS 7.8 · AI score 7.4 · EPSS 0.00068
Exploits 1 · References 1
RedhatCVE · added 2025/05/22 7:36 p.m. · 3 views

CVE-2021-29500

bubble fireworks is an open source Java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows forgery of valid JWTs...

CVSS 7.5 · AI score 6.7 · EPSS 0.0011
Exploits 0 · References 1
Tenable Nessus · added 2025/05/22 12:00 a.m. · 20 views

Spring_framework 5.3.x < 5.3.43 / 6.0.x < 6.0.28 / 6.1.x < 6.1.20 / 6.2.x < 6.2.7 (CVE-2025-22233)

The version of Springframework installed on the remote host is prior to 5.3.43, 6.0.28, 6.1.20, or 6.2.7. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22233 advisory. - CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured...

CVSS 5.3 · AI score 6.4 · EPSS 0.01514
Exploits 1 · References 2
CISA KEV Catalog · added 2025/05/19 12:00 a.m. · 13 views

Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability

Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework...

CVSS 7.5 · AI score 7.2 · EPSS 0.91261
In wild · Exploits 8
OpenVAS · added 2025/05/19 12:00 a.m. · 13 views

VMware Spring Framework < 5.3.43, 6.0.x < 6.0.28, 6.1.x < 6.1.20, 6.2.x < 6.2.7 Authorization Bypass Vulnerability - Linux

The VMware Spring Framework is prone to an authorization bypass vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 3.1 · AI score 7.7 · EPSS 0.00083
Exploits 0 · References 2
OpenVAS · added 2025/05/19 12:00 a.m. · 15 views

VMware Spring Framework < 5.3.43, 6.0.x < 6.0.28, 6.1.x < 6.1.20, 6.2.x < 6.2.7 Authorization Bypass Vulnerability - Windows

The VMware Spring Framework is prone to an authorization bypass vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 3.1 · AI score 7.7 · EPSS 0.00083
Exploits 0 · References 2
RedhatCVE · added 2025/05/18 8:00 p.m. · 40 views

CVE-2025-22233

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

CVSS 5.3 · AI score 6.9 · EPSS 0.01514
Exploits 1 · References 3
Github Security Blog · added 2025/05/16 9:32 p.m. · 17 views

Spring Framework DataBinder Case Sensitive Match Exception

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

CVSS 5.3 · AI score 6.8 · EPSS 0.01514
Exploits 1 · References 6 · Affected Software 1
OSV · added 2025/05/16 9:32 p.m. · 2 views

GHSA-4WP7-92PW-Q264 Spring Framework DataBinder Case Sensitive Match Exception

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

CVSS 3.1 · AI score 6.8 · EPSS 0.00083
Exploits 0 · References 6
OSV · added 2025/05/16 8:15 p.m. · 5 views

DEBIAN-CVE-2025-22233

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

CVSS 3.1 · AI score 6.3 · EPSS 0.00083
Exploits 0 · References 1
NVD · added 2025/05/16 8:15 p.m. · 32 views

CVE-2025-22233

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

CVSS 3.1 · EPSS 0.00083
Exploits 0 · References 1
OSV · added 2025/05/16 8:15 p.m. · 20 views

CVE-2025-22233

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

AI score 7.1
Exploits 0 · References 1
OSV · added 2025/05/16 8:15 p.m. · 0 views

UBUNTU-CVE-2025-22233

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

CVSS 3.1 · AI score 6.8 · EPSS 0.00083
Exploits 0 · References 3