Security Bulletin: Vulnerability in VMware Tanzu Spring Framework affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary: A potential vulnerability in VMware Tanzu Spring Framework has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional...
PT-2025-20921
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager Mobile (EPMM) versions 12.5.0.0 and prior Description: A flaw exists in the API component of Ivanti Endpoint Manager Mobile (EPMM) that allows authenticated attackers to execute arbitrary code through crafted API requests...
This Week in Spring - May 13th, 2025
Hi, Spring fans! As I write this, I'm at the amazing Code Remix event in Miami, well, technically Tampa, Florida. I'll also be speaking at the Tampa JUG while I'm there, so look out! After that, I'll be headed back to Europe—a wee bit further north this time—to Stockholm for the amazing JForum...
VulnCheck KEV: CVE-2025-4427
Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring...
Spring gRPC Promoted!
It's a few months since we had a blog about Spring gRPC that wasn't just a release announcement. This one marks the first release since the project was promoted from experimental to a full member of the Spring Portfolio. This doesn't change the way you consume the project, but it has some...
kkFileView code issue vulnerability
kkFileView is an open-source, Spring Boot based general-purpose online file preview project from Kaijing Technology (kekingcn). kkFileView version 4.4.0 has a code issue vulnerability that stems from improper handling of the File parameter in file/fileUpload, which leads to arbitrary file...
CVE-2025-4511
The CVE-2025-4511 entry concerns vector4wang spring-boot-quick up to 20250422, affecting the quick-img2txt component. The vulnerability targets the Img2TxtController.java (ResponseEntity usage) and enables path traversal. Exploitation appears remote and public disclosures exist; vendor did not re...
CVE-2025-4511 vector4wang spring-boot-quick quick-img2txt Img2TxtController.java ResponseEntity path traversal
A vulnerability was found in vector4wang spring-boot-quick up to 20250422. It has been rated as critical. This issue affects the function ResponseEntity of the file /spring-boot-quick-master/quick-img2txt/src/main/java/com/quick/controller/Img2TxtController.java of the component quick-img2txt. Th...
spring-boot-quick path traversal vulnerability
spring-boot-quick is a quick-start learning example framework based on Spring Boot by individual developer wangxc. A path traversal vulnerability exists in spring-boot-quick 20250422 and earlier versions, which stems from vulnerability to path traversal attacks...
PT-2025-20637 · Vector4Wang · Spring-Boot-Quick
Name of the Vulnerable Software and Affected Versions: vector4wang spring-boot-quick up to 20250422 Description: A critical issue affects the function ResponseEntity of the file /spring-boot-quick-master/quick-img2txt/src/main/java/com/quick/controller/Img2TxtController.java of the component...
Security Bulletin: VMware Tanzu Spring Framework could provide weaker than expected security, affects watsonx.data
Summary: VMware Tanzu Spring Framework could provide weaker than expected security, caused by a flaw related to disallowedFields patterns in DataBinder is case insensitive. A remote attacker could exploit this vulnerability to launch further attacks on the system and this could affect watsonx.data...
CVE-2025-4328
A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of the file...
CVE-2025-4328
CVE-2025-4328 affects the Spring Cloud Base project (component: HTTP Header Handler), specifically the function sendBack in MvcController.java. The vulnerability arises from improper handling of the Referer parameter, enabling an open redirect. Impact is described as remote exploitation with the ...
CVE-2025-4328 fp2952 spring-cloud-base HTTP Header MvcController.java sendBack redirect
A vulnerability was found in fp2952 spring-cloud-base up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa. It has been declared as problematic. Affected by this vulnerability is the function sendBack of the file...
Missing Authorization
org.springframework.boot is vulnerable to Missing Authorization. The vulnerability is due to incorrect request matching caused by EndpointRequest.to creating a matcher for null/ when the targeted actuator endpoint is disabled or not exposed, which allows unprotected access to the /null path...
PT-2025-19924 · Unknown · Spring-Cloud-Base
Name of the Vulnerable Software and Affected Versions: spring-cloud-base versions up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa Description: A problem has been declared in the function sendBack of the file...
This Week in Spring - May 6th, 2025
Hi, Spring fans! As I write this, I'm winging my way to lovely London, UK, for the amazing Devoxx UK event! I'll be looking at the wide and wonderful world of Springdom. Then, from there, it's off to Code Remix in Miami. I'll also be speaking at the Tampa JUG while I'm there, so look out! After...
spring-cloud-base security vulnerability
spring-cloud-base is an application by individual developer fp2952. A security vulnerability exists in spring-cloud-base, which originates in the component HTTP Header Handler in the file /spring-cloud-base-master/auth-center/auth-center-provider/src/main/java/com/...
CVE-2025-4175
A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. This affects the function uploadUserProfileImage of the file...