acegisecurity:acegi-security (=0.7.0), acegisecurity:acegi-security-cas (=0.7.0) +4 more potentially affected by CVE-2026-22735 via springframework:spring-webmvc (>=1.1.3 <=1.2.1)

springframework:spring-webmvc MAVEN version =1.1.3, =1.0-rc2, =1.0-rc3 Source cves: CVE-2026-22735 Source advisory: SNYK:JAVA-SPRINGFRAMEWORK-15701757...

PT-2026-26455

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.5 Spring Framework versions 6.2.0 through 6.2.16 Spring Framework versions 6.1.0 through 6.1.25 Spring Framework versions 5.3.0 through 5.3.46 Description The use of Java scripting engine enabled...

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection'. The vulnerability exists in the handling of Server-Sent Events SSE when streaming plain text data. An attacker can inject crafted data int...

Exploit for Code Injection in Vmware Spring_Framework

CVE-2022-22965 · Spring4Shell 취약점 교육 실습 ⚠️ 경고 Warning...

org.atmosphere.samples:atmosphere-spring-boot-rag-chat (>=4.0.14 <=4.0.19), org.springaicommunity:tool-searcher-vectorstore (>=2.0.0 <=2.0.1) +54 more potentially affected by CVE-2026-22729 via org.springframework.ai:spring-ai-vector-store (>=2.0.0-M1 <=2.0.0-M2)

org.springframework.ai:spring-ai-vector-store MAVEN version =2.0.0-M1, =4.0.14, =2.0.0, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M2 and more Source c...

This Week in Spring - March 9th, 2026

Hi Spring fans! Welcome to another rip-roaring installment of This Week in Spring! I'm writing this in an Uber en route to the airport to get to awsome Atlanta, GA, for Devnexus 2026! Who's goin'? You goin'? We - the Spring team - will be there in force! Come say hi at the boothes or come see our...

Exploit for Code Injection in Vmware Spring_Framework

🚨 CVE-2022-22965 - "Spring4Shell" !CVEhttps://img.shield...

Optimizations in Spring MVC

Spring Fruits Benchmark Abstract Benchmarks are tricky to do well, and the results are often hard to interpret. This analysis attempts to go beyond a simple headline number to explore how performance varies with data set size. The results show that while results might be disappointing for a given...

Exploit for Code Injection in Vmware Spring_Framework

ДЗ 10 — Python для аналитиков ИБ: эксплойты Описание уязви...

Atlassian Confluence 7.19.x < 9.2.14 / 9.2.15 / 9.3.x < 10.2.3 / 10.2.6 (CONFSERVER-102132)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-102132 advisory. - The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized...

This Week in Spring - February 17th, 2026

Hi, Spring fans! Welcome to another rip-roaring installment of This Week in Spring! It's Lunar New Year or Chinese New Year for billions of people around the world and to those who celebrate, Happy Chinese/Lunar New Year 新年快乐! Or Happy Spring Festival 春节快乐! My favorite kind of festival! In honor ...

This Week in Spring - February 10th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's February 10th, 2026, as I write this from lovely London, UK. I spoke at the local Java User Group here last night, had a wonderful time. Tomorrow, I'm going home. It's been fun, but it's time to conclude this roller...

Exploit for Code Injection in Vmware Spring_Framework

No d...

Security Bulletin: IBM OpenPages for Cloud Pak for Data is Vulnerable to Multiple Spring Framework Vulnerabilities (CVE-2016-1000027,CVE-2024-22243,CVE-2024-22259,CVE-2024-38809,CVE-2024-22262,CVE-2024-38820,CVE-2024-38828)

Summary Spring MVC controller vulnerable to potential remote code execution RCE , DoS attack and DataBinder Case Sensitive Match Exception. Applications that use UriComponentsBuilder to parse an externally provided URL may be vulnerable to a open redirect...

Security Bulletin: IBM OpenPages for Cloud Pak for Data is Vulnerable to Multiple Spring Framework Vulnerabilities (CVE-2024-38820,CVE-2025-22233)

Summary Spring MVC controller vulnerable to a DoS attack and DataBinder Case Sensitive Match Exception. These vulnerabilities were remediated. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However,...

Security Bulletin: Multiple vulnerabilities that affect IBM Db2 Data management console

Summary IBM Db2 Data management console has several dependent packages with vulnerabilities. This bulletin describes the upgrades necessary to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This iss...

Spring Framework DoS (CVE-2024-38808, CVE-2024-38809 and CVE-2024-22262)

The Spring Framework vulnerabilities identified are located within open source components utilized by Brocade SANnav, however none of these vulnerabilities are in the executable code path. As a part of good security practice, the open source component was updated in the Brocade SANnav 3.0.0...

CVE-2026-1225 Malicious logback.xml configuration file allows instantiation of arbitrary classes

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially...

CVE-2026-1225

CVE-2026-1225 affects logback-core (up to and including 1.5.24) used in Java applications. The issue enables an attacker to instantiate arbitrary classes present on the user’s class path by compromising an existing logback configuration file. Exploitation requires the attacker to have write acces...

Oracle Primavera Unifier (January 2026 CPU)

The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: Integration Apache Tika. Supported versions th...