CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/05/22 7:13 p.m.•6 views

CVE-2021-22114

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...

5.3CVSS6.6AI score0.00732EPSS

RedhatCVE•added 2025/05/22 7:13 p.m.•7 views

CVE-2021-22095

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message...

6.5CVSS6.7AI score0.00571EPSS

RedhatCVE•added 2025/05/22 7:13 p.m.•4 views

CVE-2021-22051

Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or...

6.5CVSS6.8AI score0.00135EPSS

RedhatCVE•added 2025/05/22 5:0 p.m.•4 views

CVE-2020-19704

A stored cross-site scripting XSS vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML...

5.4CVSS5.9AI score0.00172EPSS

Exploits1

RedhatCVE•added 2025/05/22 8:56 a.m.•7 views

CVE-2019-9186

In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces instead of listening on only the localhost interface. This issue has bee...

9.8CVSS7.4AI score0.00026EPSS

RedhatCVE•added 2025/05/22 5:7 a.m.•6 views

CVE-2013-5979

Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. dot dot in the p parameter to index.php...

5CVSS7AI score0.24188EPSS

Exploits2References1

Spring Engineering•added 2025/05/22 12:0 a.m.•7 views

A Bootiful Podcast: Spring IO founder Sergi Almar on Spring IO 2025

Hi, Spring and Spring I/O fans! In this installment we have the privilege of chatting with friend of the community and legend Sergi Almar about the amazing Spring IO 2025, where this episode was published, and a lot more...

7.3AI score

Spring Engineering•added 2025/05/22 12:0 a.m.•7 views

Spring Data Ahead of Time Repositories

In the past couple of years we have seen heavy investment throughout the Java ecosystem to reduce application startup times. The main focus gravitates around Ahead-of-Time optimizations. May it be condensing code into a GraalVM native executable, capturing already optimized bytecode with...

7.3AI score

Tenable Nessus•added 2025/05/22 12:0 a.m.•21 views

Spring_framework 5.3.x < 5.3.43 / 6.0.x < 6.0.28 / 6.1.x < 6.1.20 / 6.2.x < 6.2.7 (CVE-2025-22233)

The version of Springframework installed on the remote host is prior to 5.3.43, 6.0.28, 6.1.20, or 6.2.7. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22233 advisory. - CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured...

5.3CVSS6.4AI score0.01514EPSS

Exploits1References2

NVD•added 2025/05/21 6:15 p.m.•17 views

CVE-2025-46822

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...

8.7CVSS0.06841EPSS

Vulnrichment•added 2025/05/21 5:23 p.m.•9 views

CVE-2025-46822 Unauthenticated Arbitrary File Read via Absolute Path

8.7CVSS6.6AI score0.06841EPSS

CVE•added 2025/05/21 5:23 p.m.•86 views

CVE-2025-46822

The CVE-2025-46822 entry corresponds to an Arbitrary File Read in OsamaTaher/Java-springboot-codebase prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, caused by insufficient path traversal protections. The vulnerability allows reading internal files via absolute paths at the /api/v1/file...

8.7CVSS6.6AI score0.06841EPSS

Cvelist•added 2025/05/21 5:23 p.m.•19 views

CVE-2025-46822 Unauthenticated Arbitrary File Read via Absolute Path

8.7CVSS0.06841EPSS

OSV•added 2025/05/21 5:23 p.m.•9 views

CVE-2025-46822 Unauthenticated Arbitrary File Read via Absolute Path

8.7CVSS8.8AI score0.06841EPSS

Exploits4References4

vulnersOsv•added 2025/05/21 3:30 p.m.•3 views

org.coldis.library:persistence (>=2.0.34 <=2.0.38), org.eclipse.hawkbit:hawkbit-ddi-server (>=0.7.0 <=0.8.0) +10 more potentially affected by CVE-2025-41232 via org.springframework.security:spring-security-aspects (>=6.4.1 <=6.4.4)

org.springframework.security:spring-security-aspects MAVEN version =6.4.1, =2.0.34, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.8.0 Source cves: CVE-2025-41232 Source advisory: OSV:GHSA-9PP5-9C7G-4R83...

9.1CVSS7.1AI score0.00351EPSS

vulnersOsv•added 2025/05/21 3:30 p.m.•3 views

app.valuationcontrol:library (>=0.5.8 <=0.5.9), at.aimon.ops:aimon-ops-api (>=0.0.1 <=0.0.2) +2660 more potentially affected by CVE-2025-41232 via org.springframework.security:spring-security-core (>=6.4.0 <=6.4.5)

org.springframework.security:spring-security-core MAVEN version =6.4.0, =0.5.8, =0.0.1, =55.v51410e712e0c, =1.5.4.RELEASE, =1.0.1, =1.0.2, =1.0.4, =1.0.2, =1.0.16, =1.0.2, =1.0.4, =1.10.0, =1.10.0, =1.10.0, =1.15.1 and more Source cves: CVE-2025-41232 Source advisory: OSV:GHSA-9PP5-9C7G-4R83...

9.1CVSS7.1AI score0.00351EPSS