6516 matches found
A Bootiful Podcast: Spring Messaging Legend Soby Chacko
Hi, Spring fans! In this installment, we talk with the legendary Soby Chacko about Apache Kafka, Spring AI, and much more! apachekafka kafka...
EUVD-2026-10499
An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...
Vaadin Vulnerable to Authentication Bypass When Accessing the /VAADIN Endpoint Without a Trailing Slash
An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...
GHSA-RJGH-WGC7-M37J Vaadin Vulnerable to Authentication Bypass When Accessing the /VAADIN Endpoint Without a Trailing Slash
An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...
EUVD-2026-10498
An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...
CVE-2026-2742
An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...
CVE-2026-2742
An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...
CVE-2026-2742
Summary of CVE-2026-2742 : Vaadin flow-server contains an authentication bypass via the /VAADIN endpoint when accessed without a trailing slash, allowing unauthenticated users to trigger framework initialization and create sessions. Affected products/versions include Vaadin 14.0.0–14.14.0, 23.0.0...
CVE-2026-2742 Unauthorized session creation via reserved framework path access
An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...
CVE-2026-2742 Unauthorized session creation via reserved framework path access
An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...
CVE-2026-2742
An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in spring-core (CVE-2025-41249)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-41249 of spring-core-6.2.6.jar. Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in spring-security-core (CVE-2025-41248)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-41248 of spring-security-core-6.4.5.jar. Vulnerability Details CVEID:CVE-2025-41248 DESCRIPTION: The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies...
Security Bulletin: A security vulnerability in spring-expression-5.3.31.jar affects IBM DevOps Code ClearCase [CVE-2024-38808]
Summary A security vulnerability in spring-expression-5.3.31.jar affects IBM DevOps Code ClearCase CVE-2024-38808 Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially...
CVE-2026-3789
A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java of the component SpringAIGiteeRestController. Performing a manipulation of the argument apiUrl...
This Week in Spring - March 10th, 2026
Hi, Spring fans! Welcome to another installment of This Week in Spring. As I write this, I am preparing for a trip to Rust, Germany, for one of the best Java conferences in Europe: JavaLand, along with its new companion event, DevLand. It should be fun. Will you be around? If so, say hi. We have ...
Unauthorized Session Creation via Reserved Framework Path Access
An authentication bypass vulnerability exists in Vaadin applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without a trailing slash bypasses security filters, allowing unauthenticated users to trigger framework...
PT-2026-24206
Name of the Vulnerable Software and Affected Versions Vaadin versions 14.0.0 through 14.14.0 Vaadin versions 23.0.0 through 23.6.6 Vaadin versions 24.0.0 through 24.9.7 Vaadin versions 25.0.0 through 25.0.1 Description An authentication bypass issue exists in applications using Spring Security...
EUVD-2026-10279
A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java of the component SpringAIGiteeRestController. Performing a manipulation of the argument apiUrl...
This Week in Spring - March 9th, 2026
Hi Spring fans! Welcome to another rip-roaring installment of This Week in Spring! I'm writing this in an Uber en route to the airport to get to awsome Atlanta, GA, for Devnexus 2026! Who's goin'? You goin'? We - the Spring team - will be there in force! Come say hi at the boothes or come see our...