6525 matches found
CVE-2025-4175
A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. This affects the function uploadUserProfileImage of the file...
CVE-2025-4175 AlanBinu007 Spring-Boot-Advanced-Projects Upload Profile API Endpoint UserProfileController.java uploadUserProfileImage path traversal
A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. This affects the function uploadUserProfileImage of the file...
CVE-2025-4175
CVE-2025-4175 affects AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. The vulnerability is in the function uploadUserProfileImage of the file UserProfileController.java within the Upload Profile API Endpoint. Manipulation of the File argument leads to a path traversal, enabling a remote at...
Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a denial of service in VMware Tanzu Spring [CVE-2024-38809]
Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in VMware Tanzu Spring, caused by improper input validation CVE-2024-38809. VMware Tanzu Spring is used in our Speech microservices. This vulnerability has been addressed. Please read the details for remediation...
Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to weak security in VMware Tanzu Spring [CVE-2024-38820]
Summary IBM Watson Speech Services Cartridge is vulnerable to weak security in VMware Tanzu Spring, caused by a flaw related to disallowedFields patterns and case insensitivity in DataBinder CVE-2024-38820. VMware Tanzu Spring is used in our Speech microservices. This vulnerability has been...
Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to an authorization bypass in VMware Tanzu Spring [CVE-2024-38827]
Summary IBM Watson Speech Services Cartridge is vulnerable to an authorization bypass in VMware Tanzu Spring, due to Locale dependent exceptions in the usage of String.toLowerCase and String.toUpperCase CVE-2024-38827. VMware Tanzu Spring is used in our Speech microservices. This...
Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a security information disclosure in VMware Tanzu Spring [CVE-2024-38819]
Summary IBM Watson Speech Services Cartridge is vulnerable to a security information disclosure in VMware Tanzu Spring, due to path traversal exposures through the functional web framework: WebMvc.fn or WebFlux.fn CVE-2024-38819. VMware Tanzu Spring is used in our Speech microservices. This...
Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a security information disclosure in VMware Tanzu Spring [CVE-2024-38816]
Summary IBM Watson Speech Services Cartridge is vulnerable to a security information disclosure in VMware Tanzu Spring, due to path traversal exposures through the functional web frameworks: WebMvc.fn or WebFlux.fn CVE-2024-38816. VMware Tanzu Spring is used in our Speech microservices. This...
Security Bulletin: VMware Tanzu Spring Framework could provide weaker than expected security, affects watsonx.data
Summary VMware Tanzu Spring Framework could provide weaker than expected security caused by a flaw related to disallowedFields patterns in DataBinder is case insensitive. This could affect watsonx.data. Vulnerability Details CVEID: CVE-2024-38820 DESCRIPTION: VMware Tanzu Spring Framework could...
PT-2025-18711 · Alanbinu007 · Spring-Boot-Advanced-Projects
Name of the Vulnerable Software and Affected Versions: AlanBinu007 Spring-Boot-Advanced-Projects versions up to 3.1.3 Description: A critical vulnerability was found in AlanBinu007 Spring-Boot-Advanced-Projects, affecting the function uploadUserProfileImage of the file...
Spring-Boot-Advanced-Projects Path Traversal Vulnerability
Spring-Boot-Advanced-Projects is a Spring Boot application by Alan Binu, an individual developer. A path traversal vulnerability exists in Spring-Boot-Advanced-Projects 3.1.3 and earlier versions, which stems from an incorrect operation of the file upload feature that results in path traversal...
A Bootiful Podcast: Spring instructor Mary Ellen Bowman
Hi, Spring fans! In this installment I talk to Mary Ellen Bowman, a legendary Spring instructor!...
Security Bulletin: IBM Security Verify Governance - Identity Manager has multiple vulnerabilities
Summary Multiple security vulnerabilities have been addressed in updates to IBM Security Verify Governance - Identity Manager software component and IBM Security Verify Governance - Identity Manager virtual appliance component. Vulnerability Details CVEID: CVE-2024-38809 DESCRIPTION: VMware Tanzu...
ai.djl.spring:djl-spring-boot-starter-autoconfigure (=0.26), ai.djl.spring:djl-spring-boot-starter-mxnet-auto (=0.26) +4388 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=3.2.0 <=3.2.12)
org.springframework.boot:spring-boot MAVEN version =3.2.0, =1.5.0, =1.5.0, =0.0.1, =7.0.0, =0.25.7-rc.1, =0.8.0.BETA, =1.0.2, =1.0.6 and more Source cves: CVE-2025-22235 Source advisory: OSV:GHSA-RC42-6C7J-7H5R...
africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-application (>=1.0.0 <=1.2.0) +38874 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=1.0.0.RELEASE <=2.7.2)
org.springframework.boot:spring-boot MAVEN version =1.0.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.4.0.0, =4.6.0.0 and more Source cves: CVE-2025-22235 Source advisory: OSV:GHSA-RC42-6C7J-7H5R...
ai.stapi:arango-axon (>=0.0.1 <=0.0.2), ai.stapi:arango-graph (>=0.0.1 <=0.0.2) +3035 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=3.1.0 <=3.1.12)
org.springframework.boot:spring-boot MAVEN version =3.1.0, =0.0.1, =0.0.1, =0.0.10, =0.0.10, =0.0.10, =0.0.6, =0.0.6, =0.0.28, =0.0.6, =0.0.7, =0.0.8, =0.0.11, =0.0.6, =0.3.2 - ai.timefold.solver:timefold-solver-spring-boot-autoconfigure =1.0.0 -...
ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.114.0 <=0.120.0), ai.ancf.lmos:arc-memory-mongo-spring-boot-starter (>=0.114.0 <=0.120.0) +7659 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=3.4.0 <=3.4.4)
org.springframework.boot:spring-boot MAVEN version =3.4.0, =0.114.0, =0.114.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.17.0, =1.17.0, =1.17.0, =1.21.0 and more Source cves: CVE-2025-22235 Source advisory: OSV:GHSA-RC42-6C7J-7H5R...
Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed
EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security. EndpointRequest.to has been used in a Spri...
ai.driftkit:driftkit-audio-core (>=0.5.0 <=0.8.3), ai.driftkit:driftkit-audio-spring-boot-starter (>=0.5.0 <=0.8.7) +4054 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=3.3.0 <=3.3.10)
org.springframework.boot:spring-boot MAVEN version =3.3.0, =0.5.0, =0.5.0, =0.5.0, =0.5.8, =0.5.0, =0.5.7, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.5.0, =0.5.0, =0.7.9, =0.6.0, =0.6.0, =0.8.7 and more Source cves: CVE-2025-22235 Source advisory: OSV:GHSA-RC42-6C7J-7H5R...
CVE-2025-22235
EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security. EndpointRequest.to has been used in a Spri...