101 matches found
ROOT-APP-MAVEN-CVE-2026-41846 CVE-2026-41846 in io.root.org.springframework:spring-webmvc - Patched by Root
Root has patched CVE-2026-41846 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-41844 CVE-2026-41844 in io.root.org.springframework:spring-webmvc - Patched by Root
Root has patched CVE-2026-41844 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-22741 CVE-2026-22741 in io.root.org.springframework:spring-webmvc - Patched by Root
Root has patched CVE-2026-22741 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2024-38828 CVE-2024-38828 in io.root.org.springframework:spring-webmvc - Patched by Root
Root has patched CVE-2024-38828 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-41242 CVE-2025-41242 in io.root.org.springframework:spring-webmvc - Patched by Root
Root has patched CVE-2025-41242 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-22737 CVE-2026-22737 in io.root.org.springframework:spring-webmvc - Patched by Root
Root has patched CVE-2026-22737 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2023-20860 CVE-2023-20860 in io.root.org.springframework:spring-webmvc - Patched by Root
Root has patched CVE-2023-20860 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available...
ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.7.4) +2427 more potentially affected by CVE-2026-41844 via org.springframework:spring-webmvc (>=7.0.0-M1 <=7.0.7)
org.springframework:spring-webmvc MAVEN version =7.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =0.1.1, =0.2.0, =0.5.0, =0.7.0, =0.5.0, =0.5.0, =0.10.2 and more Source cves: CVE-2026-41844 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-17254121...
ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.6.0) +9046 more potentially affected by CVE-2026-41842 via org.springframework:spring-webmvc (>=6.1.0 <=6.2.18)
org.springframework:spring-webmvc MAVEN version =6.1.0, =0.2.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.8.7 and more Source cves: CVE-2026-41842 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-17254544...
ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.7.4) +2427 more potentially affected by CVE-2026-41842 via org.springframework:spring-webmvc (>=7.0.0-M1 <=7.0.7)
org.springframework:spring-webmvc MAVEN version =7.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =0.1.1, =0.2.0, =0.5.0, =0.7.0, =0.5.0, =0.5.0, =0.10.2 and more Source cves: CVE-2026-41842 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-17254544...
ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.7.4) +2427 more potentially affected by CVE-2026-41846 via org.springframework:spring-webmvc (>=7.0.0-M1 <=7.0.7)
org.springframework:spring-webmvc MAVEN version =7.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =0.1.1, =0.2.0, =0.5.0, =0.7.0, =0.5.0, =0.5.0, =0.10.2 and more Source cves: CVE-2026-41846 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-17254062...
ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.6.0) +9046 more potentially affected by CVE-2026-41844 via org.springframework:spring-webmvc (>=6.1.0 <=6.2.18)
org.springframework:spring-webmvc MAVEN version =6.1.0, =0.2.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.8.7 and more Source cves: CVE-2026-41844 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-17254121...
africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-codes-api (>=1.0.0 <=1.2.0) +11591 more potentially affected by CVE-2026-41842 via org.springframework:spring-webmvc (>=5.3.0 <=5.3.9)
org.springframework:spring-webmvc MAVEN version =5.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.4.0.2, =1.4.2, =1.6.6, =1.6.6.1 - ai.platon:distributed-lock-example =1.4.2 and more Source cves: CVE-2026-41842 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-1725454...
ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.6.0) +9046 more potentially affected by CVE-2026-41846 via org.springframework:spring-webmvc (>=6.1.0 <=6.2.18)
org.springframework:spring-webmvc MAVEN version =6.1.0, =0.2.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.8.7 and more Source cves: CVE-2026-41846 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-17254062...
africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-codes-api (>=1.0.0 <=1.2.0) +11591 more potentially affected by CVE-2026-41846 via org.springframework:spring-webmvc (>=5.3.0 <=5.3.9)
org.springframework:spring-webmvc MAVEN version =5.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.4.0.2, =1.4.2, =1.6.6, =1.6.6.1 - ai.platon:distributed-lock-example =1.4.2 and more Source cves: CVE-2026-41846 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-1725406...
africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-codes-api (>=1.0.0 <=1.2.0) +11591 more potentially affected by CVE-2026-41844 via org.springframework:spring-webmvc (>=5.3.0 <=5.3.9)
org.springframework:spring-webmvc MAVEN version =5.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.4.0.2, =1.4.2, =1.6.6, =1.6.6.1 - ai.platon:distributed-lock-example =1.4.2 and more Source cves: CVE-2026-41844 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-1725412...
Cross-site Scripting (XSS)
Overview org.springframework:spring-webmvc is a package that provides Model-View-Controller MVC architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via...
Open Redirect
Overview org.springframework:spring-webmvc is a package that provides Model-View-Controller MVC architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to Open Redirect via view resolution for "/...
Allocation of Resources Without Limits or Throttling
Overview org.springframework:spring-webmvc is a package that provides Model-View-Controller MVC architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to Allocation of Resources Without Limits o...
Security Bulletin: Due to use of spring-webmvc-6.2.17.jar, IBM Sterling Connect:Direct Web Services is vulnerable to cache poisoning when resolving static resources.
Summary spring-webmvc-6.2.17.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-22741. Vulnerability Details CVEID:CVE-2026-22741 DESCRIPTION: Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be...