6502 matches found
ROOT-APP-MAVEN-CVE-2024-38807 CVE-2024-38807 in io.root.org.springframework.boot:spring-boot-loader - Patched by Root
Root has patched CVE-2024-38807 in the io.root.org.springframework.boot:spring-boot-loader package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-22733 CVE-2026-22733 in io.root.org.springframework.boot:spring-boot-starter-actuator - Patched by Root
Root has patched CVE-2026-22733 in the io.root.org.springframework.boot:spring-boot-starter-actuator package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-22731 CVE-2026-22731 in io.root.org.springframework.boot:spring-boot-starter-actuator - Patched by Root
Root has patched CVE-2026-22731 in the io.root.org.springframework.boot:spring-boot-starter-actuator package for Root:Maven. Multiple fixed versions available...
PT-2026-42931
A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...
jasypt-spring-boot security vulnerability
jasypt-spring-boot is an integration tool developed by Ulises Bocchio, an individual developer, that provides property encryption support for Spring Boot applications. There are security vulnerabilities in jasypt-spring-boot versions 3.0.5 and earlier, as well as versions 4.0.4 and earlier. Thes...
Improper Input Validation
com.ibeetl:beetl-spring-classic is vulnerable to Improper Input Validation. The vulnerability is due to improper neutralization of special elements in expression language statements within the SpELFunction component, which allows an attacker to inject and execute malicious expressions remotely...
Exploit for Code Injection in Vmware Spring_Framework
Spring4Shell Threat Sandbox CVE-2022-22965 Overview Thi...
Unity Linux 20.1070e Security Update: springframework (UTSA-2026-016711)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016711 advisory. Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests ...
Unity Linux 20.1070e Security Update: springframework (UTSA-2026-016731)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016731 advisory. In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to content disclosure in Spring MVC and WebFlux [CVE-2026-22737]
Summary IBM Watson Speech Services Cartridge is vulnerable to content disclosure in Spring MVC and WebFlux, where template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views (CVE-2026-22737)...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to stream corruption in Spring MVC and WebFlux [CVE-2026-22735]
Summary IBM Watson Speech Services Cartridge is vulnerable to stream corruption in Spring MVC and WebFlux when using Server-Sent Events (SSE) (CVE-2026-22735). Spring MVC and WebFlux are used in our speech microservices. This vulnerability has been addressed. Please read the details for remediation...
CVE-2026-40975
A flaw was found in Spring Boot. The $random.value property source utilizes a weak pseudo-random number generator (PRNG), meaning the values it produces are not sufficiently random for use as cryptographic secrets. An attacker could potentially predict these values, which may lead to information...
ROOT-APP-MAVEN-CVE-2024-22234 CVE-2024-22234 in io.root.org.springframework.security:spring-security-core - Patched by Root
Root has patched CVE-2024-22234 in the io.root.org.springframework.security:spring-security-core package for Root:Maven. Multiple fixed versions available...
A Bootiful Podcast: Hadi Hariri, Jetbrains legend
Hi Spring and Kotlin fans! In this installment, I have the privilege of talking to my old friend and JetBrains legend Hadi Hariri, recorded live from Kotlin Conf 2026 in Munich, Germany! kotlin jvm java springboot...
HOV4X
HOV4X HOVAX - 45 Modules Security Toolkit for Penetration Test...
CVE-2026-8759
A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation leads to improper neutralization of specia...
This Week in Spring - May 19th, 2026
Hi Spring fans! Welcome to another installment of This Week in Spring!, this one written from the back of a taxi racing to the local Frankfurt train station, where I'll take a train to Munich for the amazing Kotlin Conf 2026 edition, where I'll be part of the keynote and deliver a talk on the...
Spring Office Hours Podcast: S5E16 - May Release Train Shift & What's Coming in Spring Boot 4.1
Join Dan Vega and DaShaun Carter for the latest updates from the Spring Ecosystem. In this episode, Dan and DaShaun break down the recently announced shift of the May release train from May 11-22 to June 1-5, and what that means for your upgrade planning across the Spring portfolio. They also dig...
org.springaicommunity:mcp-client-security-boot (=0.1.4), org.springaicommunity:mcp-client-security-spring-boot (=0.1.5) potentially affected by CVE-2026-45609 via org.springaicommunity:mcp-client-security (>=0.1.4 <=0.1.5)
org.springaicommunity:mcp-client-security MAVEN version =0.1.4, =0.1.5 is affected by a known vulnerability. The following packages have a transitive dependency on org.springaicommunity:mcp-client-security and may be impacted: - org.springaicommunity:mcp-client-security-boot =0.1.4 -...
Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
🚀 Automated Log4Shell CVE-2021-44228 Play & Plug Lab An aut...