6525 matches found
br.com.archbase:archbase-annotation-processor (>=2.0.0 <=2.1.17), br.com.archbase:archbase-app-framework (>=2.0.0 <=2.1.17) +2103 more potentially affected by CVE-2025-41248 via org.springframework.security:spring-security-core (>=6.5.0 <=6.5.3)
org.springframework.security:spring-security-core MAVEN version =6.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.17 and more Source cves: CVE-2025-41248 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKSECURITY-128178...
be.jidoka:jdk-keycloak-admin (=2.5.0), br.com.consultdg:database-module (>=1.0.1 <=1.0.10) +887 more potentially affected by CVE-2025-41248 via org.springframework.security:spring-security-core (>=6.4.0 <=6.4.1)
org.springframework.security:spring-security-core MAVEN version =6.4.0, =1.0.1, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =0.0.69, =0.0.35, =3.4.0.2 and more Source cves: CVE-2025-41248 Source advisory: OSV:GHSA-8V5Q-RHF3-JPHM...
br.com.archbase:archbase-annotation-processor (>=2.0.0 <=2.1.17), br.com.archbase:archbase-app-framework (>=2.0.0 <=2.1.17) +2103 more potentially affected by CVE-2025-41248 via org.springframework.security:spring-security-core (>=6.5.0 <=6.5.3)
org.springframework.security:spring-security-core MAVEN version =6.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.17 and more Source cves: CVE-2025-41248 Source advisory: OSV:GHSA-8V5Q-RHF3-JPHM...
ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.114.0 <=0.120.0), ai.ancf.lmos:arc-memory-mongo-spring-boot-starter (>=0.114.0 <=0.120.0) +7897 more potentially affected by CVE-2025-41249 via org.springframework:spring-core (>=6.2.0 <=6.2.10)
org.springframework:spring-core MAVEN version =6.2.0, =0.114.0, =0.114.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.17.0, =1.17.0, =1.17.0, =3.3.0, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2025-41249 Source advisory: OSV:GHSA-JMP9-X22R-554X...
ai.ancf.lmos-router:lmos-router-hybrid-spring-boot-starter (=0.28.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0) +18069 more potentially affected by CVE-2025-41249 via org.springframework:spring-core (>=6.0.0 <=6.1.21)
org.springframework:spring-core MAVEN version =6.0.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.11.0 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-linux-x8664 =0.2...
Incorrect Authorization
Overview org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities. Affected versions of this package are vulnerable to Incorrect Authorization via the AnnotationsScanner and AnnotatedMethod class. An attacker can gain unauthorized...
ai.ancf.lmos-router:lmos-router-hybrid-spring-boot-starter (>=0.2.0 <=0.28.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0) +23671 more potentially affected by CVE-2025-41249 via org.springframework:spring-core (>=6.0.0 <=6.2.10)
org.springframework:spring-core MAVEN version =6.0.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.11.0 and more Source cves: CVE-2025-41249 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-12817817...
Spring Security annotation detection mechanism has authorization bypass
The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization...
Incorrect Authorization
Overview org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Incorrect Authorization via the annotation detection mechanism when resolving annotations on methods within type...
africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-application (>=1.1.0 <=1.2.0) +28896 more potentially affected by CVE-2025-41249 via org.springframework:spring-core (>=5.3.0 <=5.3.4)
org.springframework:spring-core MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.2.0 and more Source cves: CVE-2025-41249 Source advisory: OSV:GHSA-JMP9-X22R-554X...
Spring Framework annotation detection mechanism may result in improper authorization
The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...
GHSA-8V5Q-RHF3-JPHM Spring Security annotation detection mechanism has authorization bypass
The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization...
GHSA-JMP9-X22R-554X Spring Framework annotation detection mechanism may result in improper authorization
The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...
CVE-2025-41243
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...
CVE-2025-41243
Spring Cloud Gateway Server Webflux is affected by a vulnerability where unsecured and exposed actuator endpoints allow modification of Spring Environment properties via SpEL, enabling configuration tampering. Affected component: Spring Cloud Gateway Server Webflux (WebFlux; WebMVC is not vulnera...
CVE-2025-41243 Spring Expression Language property modification using Spring Cloud Gateway Server WebFlux
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...
CVE-2025-41243 Spring Expression Language property modification using Spring Cloud Gateway Server WebFlux
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...
Vulnerabilities fixed in Spring Framework
VMWare has fixed vulnerabilities in the Spring Security framework. The vulnerabilities are in the way the Spring Security framework detects annotations, particularly in type hierarchies that use parameterized supertypes with unlimited generics. This can lead to authorization bypassing when using...
DEBIAN-CVE-2025-41249
The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...
CVE-2025-41249
The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...