CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2025/08/20 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2022-22970

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they...

5.3CVSS6.8AI score0.00164EPSS

Exploits1References3

CNNVD•added 2025/08/20 12:0 a.m.•4 views

my-site 安全漏洞

my-site is WinterChenS individual developer's personal website based on springboot 2.0 development, integrated with: personal home page, personal blog, personal works. A security vulnerability exists in my-site version 6c79286, which stems from an authentication bypass that could lead to...

9.8CVSS6.9AI score0.00127EPSS

Exploits1References3

Tenable Nessus•added 2025/08/20 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2021-22118

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by...

7.8CVSS7.2AI score0.00253EPSS

Tenable Nessus•added 2025/08/20 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2022-22950

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cau...

6.5CVSS7AI score0.02461EPSS

Exploits0References3

OpenVAS•added 2025/08/20 12:0 a.m.•2 views

VMware Spring Framework <= 5.3.43, 6.0.0 - 6.0.29, 6.1.0 - 6.1.21, 6.2.0 - 6.2.9 Path Traversal Vulnerability - Linux

5.9CVSS6.6AI score0.05222EPSS

Tenable Nessus•added 2025/08/20 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2022-22978

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on...

9.8CVSS7.1AI score0.90224EPSS

Exploits6References2

Tenable Nessus•added 2025/08/20 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2022-22971

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial...

6.5CVSS7AI score0.00247EPSS

Exploits0References3

Spring Engineering•added 2025/08/19 12:0 a.m.•3 views

This Week in Spring - August 19th, 2025

Hi, Spring fans! Welcome to another extra special installment of This Week in Spring - special because the next installment will be delivered from the floors of the Ventian where the extraordinairily awesome SpringOne 2025 event will take place! So, some poetry: T’was the Week Before SpringOne...

7.2AI score

Tenable Nessus•added 2025/08/19 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2018-15756

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide suppor...

7.5CVSS7.4AI score0.20127EPSS

Tenable Nessus•added 2025/08/19 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2022-31692

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types...

9.8CVSS6.8AI score0.07387EPSS

Exploits3References2

vulnersOsv•added 2025/08/18 9:31 a.m.•3 views

be.dnsbelgium:rdap-server (>=4.0.0 <=4.0.3), be.personify.iam:personify-api (>=1.5.0.RELEASE <=1.5.2.RELEASE) +2804 more potentially affected by CVE-2025-41242 via org.springframework:spring-webmvc (>=6.0.0 <=6.0.23)

org.springframework:spring-webmvc MAVEN version =6.0.0, =4.0.0, =1.5.0.RELEASE, =1.5.1.RELEASE, =1.5.0.RELEASE, =2.1.0.RELEASE, =3.0.0, =2.10.0, =2.10.0, =2.10.0, =2.10.0, =2.10.0, =3.4.0 and more Source cves: CVE-2025-41242 Source advisory...

vulnersOsv•added 2025/08/18 9:31 a.m.•4 views

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.4.0) +4585 more potentially affected by CVE-2025-41242 via org.springframework:spring-webmvc (>=6.1.0 <=6.1.21)

org.springframework:spring-webmvc MAVEN version =6.1.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.5.0, =cloud-0.1, =cloud-0.2.1 and more Source cves: CVE-2025-41242 Source advisory: OSV:GHSA-R936-GWX5-V52F...

OSV•added 2025/08/18 9:31 a.m.•1 views

GHSA-R936-GWX5-V52F Spring Framework MVC Applications Path Traversal Vulnerability

Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true: the application is deployed as a WAR or with an embedded Servlet container the Servlet...

5.9CVSS6AI score0.05222EPSS

Exploits0References3

vulnersOsv•added 2025/08/18 9:31 a.m.•2 views

ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0), ai.timefold.solver:spring-boot-integration-test (>=1.17.0 <=1.18.0) +2033 more potentially affected by CVE-2025-41242 via org.springframework:spring-webmvc (>=6.2.0 <=6.2.1)

org.springframework:spring-webmvc MAVEN version =6.2.0, =0.5.0, =1.17.0, =0.0.1, =1.1.9, =1.1.9, =1.1.9, =1.1.9, =2.3.0, =2.3.0, =2.3.0, =2.3.1 - ch.ralscha:extdirectspring =2.1.0 - city.hiperium:functions-parent-pom =1.1.0 - cloud.unione:knife4j-openapi3-jakarta-spring-boot-starter =4.5.0 -...

vulnersOsv•added 2025/08/18 9:31 a.m.•5 views

africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-codes-api (>=1.1.0 <=1.2.0) +10746 more potentially affected by CVE-2025-41242 via org.springframework:spring-webmvc (>=5.3.0 <=5.3.4)

org.springframework:spring-webmvc MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.2, =1.4.2, =1.6.6, =1.6.6.1 - ai.platon:distributed-lock-example =1.4.2 and more Source cves: CVE-2025-41242 Source advisory: OSV:GHSA-R936-GWX5-V52F...