6517 matches found
Exploit for Code Injection in Vmware Spring_Framework
Python Firewall for Spring4Shell CVE-2022-22965 Mitigation...
com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak (=24.3.0.0), com.github.wnameless.spring.boot.up:spring-boot-up-keycloak-plugin (=24.3.0.0) +25 more potentially affected by CVE-2025-10044 via org.keycloak:keycloak-account-ui (>=21.1.1 <=26.2.5)
org.keycloak:keycloak-account-ui MAVEN version =21.1.1, =2.5.6-24.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.2.0, =26.2.0, =26.1.0, =26.1.0, =26.1.0, =26.2.5 a...
com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak (=24.3.0.0), com.github.wnameless.spring.boot.up:spring-boot-up-keycloak-plugin (=24.3.0.0) +34 more potentially affected by CVE-2025-10044 via org.keycloak:keycloak-admin-ui (>=15.1.0 <=26.2.5)
org.keycloak:keycloak-admin-ui MAVEN version =15.1.0, =2.5.6-24.0, =0.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.2.0, =26.2.0, =26.1.0, =26.1.0, =26.2.5 and more Source cv...
CVE-2025-41253
The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...
EUVD-2025-34761
Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection...
ch.nexsol-tech.gateway:sample-gateway (>=1.2.0 <=1.3.1), ch.nexsol-tech.gateway:spring-cloud-gateway-database (>=1.2.0 <=1.3.1) +37 more potentially affected by CVE-2025-41253 via org.springframework.cloud:spring-cloud-gateway-server (>=4.3.0 <=4.3.1)
org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.3.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =3.0.0, =1.8.9, =0.12.1, =0.12.1, =0.12.10, =3.10.0, =3.11.0 and more Source cves: CVE-2025-41253 Source advisory: OSV:GHSA-FWXX-WV44-7QFG...
GHSA-7FCH-4F2F-JCGM Spring Framework STOMP over WebSocket applications may allow attackers to send unauthorized messages
STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions: Spring Framework: 6.2.0 - 6.2.11, 6.1.0 - 6.1.23, 6.0.x - 6.0.29, 5.3.0 - 5.3.45. Older, unsupported versions are also affected...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0), at.researchstudio.sat:won-owner (=0.3) +2227 more potentially affected by CVE-2025-41254 via org.springframework:spring-websocket (>=4.0.0.RELEASE <=5.3.39)
org.springframework:spring-websocket MAVEN version =4.0.0.RELEASE, =4.4.0.0, =3.4.0, =5.6.5, =4.1.0, =4.1.0, =3.6.0, =1.4, =5.3.0, =6.2.5 and more Source cves: CVE-2025-41254 Source advisory: OSV:GHSA-7FCH-4F2F-JCGM...
Spring Framework STOMP over WebSocket applications may allow attackers to send unauthorized messages
STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions: Spring Framework: 6.2.0 - 6.2.11, 6.1.0 - 6.1.23, 6.0.x - 6.0.29, 5.3.0 - 5.3.45. Older, unsupported versions are also affected...
GHSA-FWXX-WV44-7QFG Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection
The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...
ch.nexsol-tech.gateway:sample-gateway (>=0.0.1 <=1.1.0), ch.nexsol-tech.gateway:spring-cloud-gateway-database (>=0.0.1 <=1.1.0) +45 more potentially affected by CVE-2025-41253 via org.springframework.cloud:spring-cloud-gateway-server (>=4.2.0 <=4.2.5)
org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.2.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =15.13-RELEASE, =2.0.0, =1.0.0, =0.11.1, =0.11.1, =1.6.0, =3.4.5, =3.4.6 and more Source cves: CVE-2025-41253 Source advisory: OSV:GHSA-FWXX-WV44-7QFG...
ai.driftkit:driftkit-workflow-controllers (>=0.7.5 <=0.8.7), ai.driftkit:driftkit-workflow-engine-spring-boot-starter (>=0.7.0 <=0.8.7) +500 more potentially affected by CVE-2025-41254 via org.springframework:spring-websocket (>=6.1.0 <=6.1.21)
org.springframework:spring-websocket MAVEN version =6.1.0, =0.7.5, =0.7.0, =1.0.2, =1.0.42, =1.0.2, =1.0.2, =1.0.42, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =7.6.0, =8.4.3 and more Source cves: CVE-2025-41254 Source advisory: OSV:GHSA-7FCH-4F2F-JCGM...
at.aimon.ops:aimon-ops-api (>=0.0.1 <=0.0.2), cc.allio.uno:uno-starter-websocket (>=1.1.9 <=1.2.1) +710 more potentially affected by CVE-2025-41254 via org.springframework:spring-websocket (>=6.2.0 <=6.2.11)
org.springframework:spring-websocket MAVEN version =6.2.0, =0.0.1, =1.1.9, =1.1.9, =3.5.5.3, =3.4.0.0, =3.4.0.0, =3.5.5.3, =1.0.0, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.5 and more Source cves: CVE-2025-41254 Source advisory: OSV:GHSA-7FCH-4F2F-JCGM...
cc.cc4414:cc-spring-cloud-starter-gateway (=0.8.0), cn.acyou:leo-gateway (>=1.0.0.RELEASE <=1.1.1.RELEASE) +99 more potentially affected by CVE-2025-41253 via org.springframework.cloud:spring-cloud-gateway-server (>=2.2.10.RELEASE <=3.1.10)
org.springframework.cloud:spring-cloud-gateway-server MAVEN version =2.2.10.RELEASE, =1.0.0.RELEASE, =1.1.0, =8.1.0.286, =8.1.0.286, =2.0.1, =1.1.93, =1.1.121 and more Source cves: CVE-2025-41253 Source advisory: OSV:GHSA-FWXX-WV44-7QFG...
ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo (=0.1.0) +87 more potentially affected by CVE-2025-41253 via org.springframework.cloud:spring-cloud-gateway-server (>=4.0.0 <=4.1.9)
org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.0.0, =0.2.0, =1.0.0, =1.0.0, =2023.4.1.0, =1.0.5, =1.0.4, =15.0-RELEASE, =1.0.0, =0.1.0, =4.0.5, =0.9.0, =0.9.0, =0.11.0 and more Source cves: CVE-2025-41253 Source advisory: OSV:GHSA-FWXX-WV44-7QFG...
br.com.m4rc310:br-com-m4rc310-gql (=1.0.58), br.com.m4rc310:br-com-m4rc310-gtim (=1.0.58) +267 more potentially affected by CVE-2025-41254 via org.springframework:spring-websocket (>=6.0.0 <=6.0.21)
org.springframework:spring-websocket MAVEN version =6.0.0, =3.1.1.0, =3.1.1.0, =2.0.35, =0.0.11, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.8.5 and more Source cves: CVE-2025-41254 Source advisory: OSV:GHSA-7FCH-4F2F-JCGM...
CVE-2025-41253
The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...
DEBIAN-CVE-2025-41254
STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions: Spring Framework: 6.2.0 - 6.2.11, 6.1.0 - 6.1.23, 6.0.x - 6.0.29, 5.3.0 - 5.3.45. Older, unsupported versions are also affected...
CVE-2025-41254
STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions: Spring Framework: 6.2.0 - 6.2.11, 6.1.0 - 6.1.23, 6.0.x - 6.0.29, 5.3.0 - 5.3.45. Older, unsupported versions are also affected...
UBUNTU-CVE-2025-41254
STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions: Spring Framework: 6.2.0 - 6.2.11, 6.1.0 - 6.1.23, 6.0.x - 6.0.29, 5.3.0 - 5.3.45. Older, unsupported versions are also affected...