6502 matches found
EUVD-2026-33734
OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6...
CVE-2026-40990 Unbounded cache for function definitions
OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6...
CVE-2026-40990
OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6...
CVE-2026-40990 Unbounded cache for function definitions
OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6...
CVE-2026-40990
CVE-2026-40990 is an OOM vulnerability in Spring Cloud Function when building an unbounded number of functions in the Function Registry. Affected are Spring Cloud Function 3.2.x (pre-3.2.16), 4.1.x (pre-4.1.10), 4.2.x (pre-4.2.6), 4.3.x (pre-4.3.3), and 5.0.x (pre-5.0.2); older unsupported versio...
CVE-2026-40989 Self Routing guard bypassed via function composition
Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud...
CVE-2026-40989 Self Routing guard bypassed via function composition
Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud...
CVE-2026-40989
CVE-2026-40989 affects Spring Cloud Function lineages (3.2.x, 4.1.x, 4.2.x, 4.3.x, 5.0.x) with older/unsupported versions also impacted. The issue is an infinite recursion in the routing layer that can cause an Out-Of-Memory (OOM) condition during request handling. The root cause is not fully dis...
EUVD-2026-33733
Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud...
CVE-2026-40989
Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud...
ROOT-APP-MAVEN-CVE-2024-38819 CVE-2024-38819 in io.root.org.springframework:spring-webflux - Patched by Root
Root has patched CVE-2024-38819 in the io.root.org.springframework:spring-webflux package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2024-22259 CVE-2024-22259 in io.root.org.springframework:spring-web - Patched by Root
Root has patched CVE-2024-22259 in the io.root.org.springframework:spring-web package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2023-20860 CVE-2023-20860 in io.root.org.springframework:spring-webmvc - Patched by Root
Root has patched CVE-2023-20860 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2024-22262 CVE-2024-22262 in io.root.org.springframework:spring-web - Patched by Root
Root has patched CVE-2024-22262 in the io.root.org.springframework:spring-web package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2024-38816 CVE-2024-38816 in io.root.org.springframework:spring-webflux - Patched by Root
Root has patched CVE-2024-38816 in the io.root.org.springframework:spring-webflux package for Root:Maven. Multiple fixed versions available...
CVE-2026-42588
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...
CVE-2026-45505
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...
UBUNTU-CVE-2026-45505
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...
UBUNTU-CVE-2026-42588
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...
CVE-2026-42588 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy...