1123 matches found

Tenable Nessus
added 2025/08/18 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2023-20860

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismat...

CVSS: 7.5, AI score: 6.8, EPSS: 0.56284
Exploits: 1, References: 3
Tenable Nessus
added 2025/08/11 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-22235

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your...

CVSS: 7.3, AI score: 6.9, EPSS: 0.00179
Exploits: 0, References: 2
IBM Security Bulletins
added 2025/08/01 4:1 p.m., 9 views

Security Bulletin: Vulnerability with spring-security-crypto and jinja affect IBM Cloud Object Storage Systems (July 2025)

Summary: Vulnerability with spring-security-crypto CVE-2025-22228 and jinja CVE-2025-27516. This vulnerability has been addressed in the latest ClevOS release. Vulnerability Details: CVEID: CVE-2025-22228 DESCRIPTION: BCryptPasswordEncoder.matches(CharSequence, String) will incorrectly return true for...

CVSS: 8.8, AI score: 7.6, EPSS: 0.00121
Exploits: 0, Affected Software: 1
Spring Engineering
added 2025/07/31 12:0 a.m., 3 views

A Bootiful Podcast: Spring Security lead Rob Winch on Spring Security 7.0, SpringOne 2025, and more

Hi, Spring fans! In this installment I'm joined by Spring Security lead Rob Winch to discuss the amazing new additions to Spring Security 7.0, coming in November of 2025, and the coverage you can expect when you see our talk at SpringOne 2025 have you registered - https://springone.io ?...

AI score: 7.1
Exploits: 0
F5 Networks
added 2025/07/29 2:21 p.m., 6 views

K000152799: Spring Security vulnerability CVE-2024-38810

Security Advisory Description: Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows an attacker to render security annotations ineffective. CVE-2024-38810 Impact: There is no impact; F5 products are not affected by this vulnerability. Security Advisory Stat...

CVSS: 7.5, AI score: 6.4, EPSS: 0.00968
Exploits: 0
Gitee
added 2025/07/27 3:22 a.m., 159 views

java-sec-code

This is an offensive tool for Java web applications. It is a collection of common Java web vulnerabilities and security code, based on Spring Boot and Spring Security. The repository contains various types of vulnerabilities, including actuators to RCE, command injection, CORS, CRLF injection, CSRF,...

AI score: 7.4
Exploits: 0
IBM Security Bulletins
added 2025/07/25 12:45 p.m., 4 views

Security Bulletin: Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations. This may cause an authorization bypass, which affects IBM watsonx.data

Summary: Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. You are not affected if you are not using @EnableMethodSecurity, or you do not have method security annotations on parameterized...

CVSS: 5.3, AI score: 5.2, EPSS: 0.00033
Exploits: 0, Affected Software: 1
Spring Engineering
added 2025/07/22 12:0 a.m., 6 views

This Week in Spring - July 22nd, 2025

Hi, Spring fans! It's almost SpringOne time!! AAAAH it's all moving so quickly! I can hardly stand it. SpringOne's next month, in lovely Las Vegas, and I'll be there. Will you? Have you registered? We'll be looking at the impending Spring Boot 4.0 and Spring Framework 7.0 releases! It's going to ...

AI score: 7.1
Exploits: 0
IBM Security Bulletins
added 2025/07/10 8:57 a.m., 6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-security-core-5.8.5.jar

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-security-core-5.8.5.jar. Vulnerability Details: CVEID: CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in...

CVSS: 4.8, AI score: 6.5, EPSS: 0.00399
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/07/08 6:49 a.m., 7 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-security-web-5.8.5.jar

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-security-web-5.8.5.jar. Vulnerability Details: CVEID: CVE-2024-38821 DESCRIPTION: Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstance...

CVSS: 9.1, AI score: 6.6, EPSS: 0.1309
Exploits: 2, Affected Software: 1
IBM Security Bulletins
added 2025/07/07 10:28 p.m., 5 views

Security Bulletin: Security Vulnerability in Authorization Rules in Spring Security Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2024-38827)

Summary: IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Spring Security. Vulnerability Details: CVEID: CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially...

CVSS: 4.8, AI score: 6.7, EPSS: 0.00399
Exploits: 0, Affected Software: 1
RedHat Linux
added 2025/07/01 4:53 p.m., 6 views

spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...

CVSS: 7.4, AI score: 7.1, EPSS: 0.00065
Exploits: 0, References: 5
IBM Security Bulletins
added 2025/06/27 6:26 a.m., 6 views

Security Bulletin: IBM Sterling Connect:Direct Web Services vulnerable to spring-security-core-6.4.3.jar (CVE-2025-41232)

Summary: IBM Sterling Connect:Direct Web Services is vulnerable to a Protection Mechanism Failure in Spring Security v6.4.3. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details: CVEID: CVE-2025-41232 DESCRIPTION: Spring Security Aspects may not correctly locate...

CVSS: 9.1, AI score: 7.1, EPSS: 0.00351
Exploits: 0, Affected Software: 1
Spring Engineering
added 2025/06/24 12:0 a.m., 5 views

This Week in Spring - June 24th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! We're in the middle of June already! And you know what that means? Warm weather, fun, and of course: the amazing SpringOne event in lovely Las Vegas, NV! The content catalog went live today! I'll be there doing, among other...

CVSS: 6.5, AI score: 7.2, EPSS: 0.00294
Exploits: 0