6505 matches found
best.skn:skn-spring-mail (>=1.0.0 <=2.4.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=7.0.0 <=8.8.1) +710 more potentially affected by CVE-2026-40477 via org.thymeleaf:thymeleaf-spring6 (>=3.1.0.M1 <=3.1.3.RELEASE)
org.thymeleaf:thymeleaf-spring6 MAVEN version =3.1.0.M1, =1.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.6.0, =7.6.0, =7.0.0, =7.0.0, =8.8.1 and more Source cves: CVE-2026-40477 Source advisory: SNYK:JAVA-ORGTHYMELEAF-16078370...
Template Injection
Overview Affected versions of this package are vulnerable to Template Injection due to the TemplateEngine's improper restriction of accessible object scope during expression evaluation. An attacker can inject into sensitive objects to execute unauthorized actions. Remediation Upgrade...
best.skn:skn-spring-mail (>=1.0.0 <=2.4.0), ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=7.0.0 <=8.8.1) +710 more potentially affected by CVE-2026-40477 via org.thymeleaf:thymeleaf-spring6 (>=3.1.0.M1 <=3.1.3.RELEASE)
org.thymeleaf:thymeleaf-spring6 MAVEN version =3.1.0.M1, =1.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.6.0, =7.6.0, =7.0.0, =7.0.0, =8.8.1 and more Source cves: CVE-2026-40477 Source advisory: OSV:GHSA-R4V4-5MWR-2FWR...
ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +9547 more potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-jdk18on (>=1.71 <=1.83)
org.bouncycastle:bcpkix-jdk18on MAVEN version =1.71, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =3.10.0.5, =0.5.0, =1.2.4, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2026.03.26.140500-911435f and more Source cves: CVE-2026-5588 Source advisory:...
ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo (=0.1.0) +16992 more potentially affected by CVE-2026-5598 via org.bouncycastle:bcprov-jdk18on (>=1.71 <=1.83)
org.bouncycastle:bcprov-jdk18on MAVEN version =1.71, =0.2.0, =0.31.0, =0.5.0, =0.6.0, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.7 and more Source cves: CVE-2026-5598 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16074612...
ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +9547 more potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-jdk18on (>=1.71 <=1.83)
org.bouncycastle:bcpkix-jdk18on MAVEN version =1.71, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =3.10.0.5, =0.5.0, =1.2.4, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2026.03.26.140500-911435f and more Source cves: CVE-2026-5588 Source advisory:...
Exploit for CVE-2026-34197
CVE-2026-34197 — Apache ActiveMQ Classic RCE via Jolokia API...
com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak (=24.3.0.0), com.github.wnameless.spring.boot.up:spring-boot-up-keycloak-plugin (=24.3.0.0) +45 more potentially affected by CVE-2026-37980 via org.keycloak:keycloak-themes (>=10.0.0 <=9.0.3)
org.keycloak:keycloak-themes MAVEN version =10.0.0, =2.5.6-24.0, =0.1.0, =2.6.0.Final, =8.1, =1.0.0, =26.3.0, =26.1.0, =26.4.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.6.0 and more Source cves: CVE-2026-37980https://vulners.com/cve/CVE-2026-...
This Week in Spring - April 14th, 2026
Hi, Spring fans! ¡Hola from Barcelona, Spain! I'm at the amazing Spring I/O event, hanging out with some of the amazing Spring ecosystem developers! Life is amazing here in the warm sun of springtime. There's a lot to look at this week, so let's dive right into it! Another nice tutorial on how to...
Security Bulletin: vulerability in IBM Spectrum Symphony with spring framework
Summary vulerability in IBM Spectrum Symphony with spring framework Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could...
K000160736: Spring Cloud Gateway vulnerability CVE-2026-22750
Security Advisory Description When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If yo...
cn.angis.warm-flow-beetlsql:warm-flow-beetlsql-sb-starter (>=1.6.9.1 <=1.8.4.0), cn.angis.warm-flow-beetlsql:warm-flow-beetlsql-sb-test (>=1.6.9.1 <=1.7.2.3) +34 more potentially affected by CVE-2026-6125 via org.dromara.warm:warm-flow-plugin-modes-sb (>=1.3.4 <=1.8.5-m3)
org.dromara.warm:warm-flow-plugin-modes-sb MAVEN version =1.3.4, =1.6.9.1, =1.6.9.1, =1.6.8.1, =4.0.0, =2025.13.0, =2025.3.2, =1.6.6, =1.6.6, =1.8.4 - org.dromara.warm-flow-mybatis-flex:warm-flow-mybatis-flex-solon-test =1.6.6 and more Source cves: CVE-2026-6125 Sourc...
Warm-Flow has a SpEL Expression Injection in SpelHelper.parseExpression
A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...
Security Bulletin: Vulnerabilities in Jetty, Eclipse Jetty,Spring Cloud Netflix Zuul,Spring Framework,Spring Security,NPM package,glob-parent package,jQuery,Braces, go-redis,qs,LZ4,js-yaml might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Jetty, Eclipse Jetty, Spring Cloud Netflix Zuul , Spring Framework, Spring Security, NPM package, glob-parent package, jQuery, Braces, go-redis, qs, LZ4 and js-yaml. Vulnerabilities include , bypassing the...
Security Bulletin: Vulnerabilities in hoek, Bouncy Castle Inc, Spring Framework, golang, Apache Commons, semver and Google Guava might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in hoek, Bouncy Castle Inc, Spring Framework, golang, Apache Commons, semver and Google Guava. Vulnerabilities include allowing a malicious user to modify the prototype of "Object" via proto, causing the addition...
org.apache.axis2:axis2-integration (=1.4), org.apache.camel:camel-example-cxf (>=1.2.0 <=1.3.0) +3 more potentially affected by CVE-2026-39304 via org.apache.activemq:apache-activemq (>=4.1.1 <=5.0.0)
org.apache.activemq:apache-activemq MAVEN version =4.1.1, =1.2.0, =1.1.0, =1.3.0 - org.apache.camel:camel-example-spring =1.2.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 Source cves: CVE-2026-39304 Source advisory: OSV:GHSA-5568-6QCG-G7FX...
GHSA-HWQH-2684-54FC Spring Cloud Gateway's SSL bundle configuration silently bypassed
When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud...
Spring Cloud Gateway's SSL bundle configuration silently bypassed
When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud...
EUVD-2026-21330
When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud...
CVE-2026-22750
When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud...