1674 matches found
Security Bulletin: IBM Operational Decision Manager for March 2026 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-41254...
CVE-2026-22737
A flaw was found in Spring Framework. When Java scripting engine enabled template views such as those using JRuby or Jython are used in Spring MVC and Spring WebFlux applications, a remote attacker can exploit this to disclose sensitive content from files located outside the intended script...
Linux Distros Unpatched Vulnerability : CVE-2026-22737
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from...
ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.6.0) +9908 more potentially affected by CVE-2026-22737 via org.springframework:spring-webmvc (>=6.0.0 <=6.2.16)
org.springframework:spring-webmvc MAVEN version =6.0.0, =0.2.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.8.7 and more Source cves: CVE-2026-22737 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-15701845...
acegisecurity:acegi-security (=0.7.0), acegisecurity:acegi-security-cas (=0.7.0) +4 more potentially affected by CVE-2026-22737 via springframework:spring-webmvc (>=1.1.3 <=1.2.1)
springframework:spring-webmvc MAVEN version =1.1.3, =1.0-rc2, =1.0-rc3 Source cves: CVE-2026-22737 Source advisory: SNYK:JAVA-SPRINGFRAMEWORK-15701846...
GHSA-4773-3JFM-QMX3 Spring Framework Improper Path Limitation with Script View Templates
Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...
Spring Framework Improper Path Limitation with Script View Templates
Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...
ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0), ai.telosforge:kimaira-starter-dms (>=1.2.4 <=1.2.6) +4858 more potentially affected by CVE-2026-22735 via org.springframework:spring-webmvc (>=6.2.0 <=6.2.16)
org.springframework:spring-webmvc MAVEN version =6.2.0, =0.5.0, =1.2.4, =1.2.4, =1.17.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.8.1 and more Source cves: CVE-2026-22735 Source advisory: OSV:GHSA-6HCQ-HMM3-JJ3C...
EUVD-2026-13406
Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...
DEBIAN-CVE-2026-22737
Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...
CVE-2026-22737
Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...
CVE-2026-22735
Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events SSE. This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...
CVE-2026-22735
Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events SSE. This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...
UBUNTU-CVE-2026-22735
Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events SSE. This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...
Spring Framework 安全漏洞
The Spring Framework is an application development framework developed by Spring in open source. There are security vulnerabilities in Spring Framework versions 7.0.5 and earlier, 6.2.16 and earlier, 6.1.25 and earlier, and 5.3.46 and earlier. These vulnerabilities stem from the use of Java scrip...
CVE-2026-22737 Spring Framework Improper Path Limitation with Script View Templates
Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...
CVE-2026-22737 Spring Framework Improper Path Limitation with Script View Templates
Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...
CVE-2026-22737
CVE-2026-22737 affects Spring Framework components that render script template views via a Java scripting engine (e.g., JRuby, Jython) in Spring MVC and Spring WebFlux. The issue allows disclosure of content from files outside configured script template view locations due to the scripting engine ...
CVE-2026-22735 Server Sent Event stream corruption
Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events SSE. This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...
acegisecurity:acegi-security (=0.7.0), acegisecurity:acegi-security-cas (=0.7.0) +5 more potentially affected by CVE-2026-22735 via springframework:spring-web (>=1.0.1 <=1.2.1)
springframework:spring-web MAVEN version =1.0.1, =1.0-rc2, =1.0-rc3 Source cves: CVE-2026-22735 Source advisory: SNYK:JAVA-SPRINGFRAMEWORK-15701758...