6746 matches found

NVD
added 2022/10/31 8:15 p.m. | 20 views

CVE-2022-31690

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client via the browser to the Authorization Server which...

CVSS 8.1 | EPSS 0.00313
Exploits: 0 | References: 2

OSV
added 2022/10/31 8:15 p.m. | 23 views

CVE-2022-31690

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client via the browser to the Authorization Server which...

CVSS 8.1 | AI score 8.8 | EPSS 0.00313
Exploits: 0 | References: 2

Prion
added 2022/10/31 8:15 p.m. | 31 views

Authorization

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client via the browser to the Authorization Server which...

CVSS 5.1 | AI score 8.7 | EPSS 0.00313
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2022/10/31 8:15 p.m. | 1 view

UBUNTU-CVE-2022-31692

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies...

CVSS 9.8 | AI score 6.7 | EPSS 0.07387
Exploits: 3 | References: 3

Prion
added 2022/10/31 8:15 p.m. | 29 views

Authorization

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies...

CVSS 7.5 | AI score 9.2 | EPSS 0.07387
Exploits: 3 | References: 2 | Affected Software: 1

UbuntuCve
added 2022/10/31 8:15 p.m. | 26 views

CVE-2022-31690

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client via the browser to the Authorization Server which...

CVSS 8.1 | AI score 7.2 | EPSS 0.00313
Exploits: 0 | References: 2

OSV
added 2022/10/31 8:15 p.m. | 0 views

UBUNTU-CVE-2022-31690

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client via the browser to the Authorization Server which...

CVSS 8.1 | AI score 7.2 | EPSS 0.00313
Exploits: 0 | References: 3

Spring Engineering
added 2022/10/31 4:41 p.m. | 231 views

CVE-2022-31690: Privilege Escalation in spring-security-oauth2-client

Spring Security 5.6.9 and 5.7.5 released on October 31st, 2022 included a fix for CVE-2022-31690 affecting the mapping of authorized scopes in spring-security-oauth2-client. Users are encouraged to update as soon as possible. Impact Users who have applied the mitigation should take note of the...

AI score 0.7 | EPSS 0.00313
Exploits: 0

Spring Engineering
added 2022/10/31 4:41 p.m. | 185 views

CVE-2022-31692: Authorization rules can be bypassed via forward or include in Spring Security

Spring Security 5.6.9 and 5.7.5 released on October 31st, 2022 included a fix for CVE-2022-31692 affecting the AuthorizationFilter. Users are encouraged to update as soon as possible...

AI score 4.5 | EPSS 0.07387
Exploits: 3

vulnersOsv
added 2022/10/31 6:43 a.m. | 1 view

com.bstek.uflo:uflo-console (>=2.0.0 <=2.1.5), com.syyai.spring.boot:uflo-spring-boot-starter (=2.1.4) +1 more potentially affected by CVE-2022-25894 via com.bstek.uflo:uflo-core (>=2.0.0 <=2.1.5)

com.bstek.uflo:uflo-core MAVEN version =2.0.0, =2.0.0, =2.0, =2.5.1.v20220215 Source cves: CVE-2022-25894 Source advisory: SNYK:JAVA-COMBSTEKUFLO-3091112...

CVSS 9.8 | AI score 7.2 | EPSS 0.03741
Exploits: 1

Positive Technologies
added 2022/10/31 12:0 a.m. | 4 views

PT-2022-20890

Name of the Vulnerable Software and Affected Versions Spring Security versions 5.6 through 5.6.8 Spring Security versions 5.7 through 5.7.4 Description The issue allows a malicious user or attacker to modify a request initiated by the Client to the Authorization Server, potentially leading to a...

CVSS 8.1 | AI score 7.2 | EPSS 0.00313
Exploits: 0 | References: 10

Vulnrichment
added 2022/10/31 12:0 a.m. | 8 views

CVE-2022-31690

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client via the browser to the Authorization Server which...

AI score 8.1 | EPSS 0.00313
Exploits: 0 | References: 2

CNNVD
added 2022/10/31 12:0 a.m. | 2 views

VMware Spring Security security vulnerability

VMware Spring Security is a suite of security frameworks from VMware that provide illustrative security protections for Spring-based applications. A security vulnerability exists in VMware Spring Security versions 5.7.x prior to 5.7.5 and 5.6.x prior to 5.6.9, which stems from a malicious user or...

CVSS 8.1 | AI score 7.8 | EPSS 0.00313
Exploits: 0 | References: 6

CVE
added 2022/10/31 12:0 a.m. | 202 views

CVE-2022-31692

CVE-2022-31692 affects Spring Security prior to 5.7.5 (and 5.6 prior to 5.6.9). The issue allows authorization bypass when an application configures the FilterChainProxy to apply security to forward/include dispatcher types and uses AuthorizationFilter via manual wiring or authorizeHttpRequests()...

CVSS 9.8 | AI score 9.2 | EPSS 0.07387
Exploits: 3 | References: 2 | Affected Software: 1

Cvelist
added 2022/10/31 12:0 a.m. | 24 views

CVE-2022-31692

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies...

AI score 9.6 | EPSS 0.07387
Exploits: 3 | References: 2

CVE
added 2022/10/31 12:0 a.m. | 415 views

CVE-2022-31690

CVE-2022-31690 affects Spring Security versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9. A malicious user could modify a client-initiated request to the Authorization Server, leading to privilege escalation on the subsequent approval if the OAuth2 Access Token Response incorrectly contains an e...

CVSS 8.1 | AI score 7.8 | EPSS 0.00313
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2022/10/31 12:0 a.m. | 14 views

CVE-2022-31692

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies...

AI score 9.4 | EPSS 0.07387
Exploits: 3 | References: 2

Positive Technologies
added 2022/10/31 12:0 a.m. | 7 views

PT-2022-20892

Name of the Vulnerable Software and Affected Versions Spring Security versions 5.6 prior to 5.6.9 Spring Security versions 5.7 prior to 5.7.5 Description The issue concerns the potential bypass of authorization rules in Spring Security via forward or include dispatcher types. An application is...

CVSS 9.8 | AI score 6.7 | EPSS 0.07387
Exploits: 3 | References: 14

Cvelist
added 2022/10/31 12:0 a.m. | 20 views

CVE-2022-31690

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client via the browser to the Authorization Server which...

AI score 8.2 | EPSS 0.00313
Exploits: 0 | References: 2

CNNVD
added 2022/10/31 12:0 a.m. | 3 views

VMware Spring Security security vulnerability

VMware Spring Security is a suite of security frameworks from VMware that provide illustrative security protections for Spring-based applications. A security vulnerability exists in VMware Spring Security versions 5.7.x prior to 5.7.5 and 5.6.x prior to 5.6.9, which stems from the possibility of...

CVSS 9.8 | AI score 7 | EPSS 0.07387
Exploits: 3 | References: 5