CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

154 matches found

WebMvc.fn/WebFlux.fn - Path Traversal

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

7.5CVSS7AI score0.9389EPSS

Exploits1References4

Nuclei•added 13 hours ago•4 views

Spring Framework - Path Traversal

Spring Framework MVC applications deployed as WAR or with embedded Servlet containers that do not reject suspicious URI sequences and serve static resources with Spring resource handling contain a path traversal vulnerability, letting attackers access unauthorized files, exploit requires...

5.9CVSS6.5AI score0.05222EPSS

Exploits0References4

Nuclei•added 2 days ago•1 views

Spring Framework Path Traversal in Functional Web Frameworks

7.5CVSS6.8AI score0.93188EPSS

Exploits5References3

RedhatCVE•added 2026/05/05 2:6 p.m.•3 views

CVE-2026-22745

A flaw was found in Spring MVC and Spring WebFlux applications. When an application is configured to serve static resources from the file system on a Windows platform, a remote attacker can send specially crafted requests that are slow to resolve. This can keep HTTP connections in use, leading to...

5.3CVSS5.8AI score0.00067EPSS

Exploits0References5

Tenable Nessus•added 2026/05/04 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-22741

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all...

3.1CVSS5.8AI score0.00083EPSS

Exploits0References4

OSV•added 2026/04/29 12:33 p.m.•0 views

GHSA-WG35-8JPF-2XV3 Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources.

Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is configuring the resource chain support...

5.8AI score0.00083EPSS

Exploits0References4

Github Security Blog•added 2026/04/29 12:33 p.m.•8 views

Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources

Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is serving static resources from...

5.3CVSS5.8AI score0.00067EPSS

Exploits0References3Affected Software2

OSV•added 2026/04/29 12:33 p.m.•1 views

GHSA-6P4F-WCWH-5VVM Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources

5.3CVSS5.8AI score0.00067EPSS

Exploits0References3

NVD•added 2026/04/29 12:16 p.m.•1 views

CVE-2026-22745

5.3CVSS0.00067EPSS

Exploits0References2

NVD•added 2026/04/29 12:16 p.m.•2 views

CVE-2026-22741

3.1CVSS0.00083EPSS

Exploits0References2

OSV•added 2026/04/29 12:16 p.m.•1 views

DEBIAN-CVE-2026-22741

3.1CVSS5.8AI score0.00083EPSS

Exploits0References1

CVE•added 2026/04/29 11:35 a.m.•12 views

CVE-2026-22745

The vulnerability is in the Spring Framework’s static resource resolution when serving file-system backed resources in Spring MVC/WebFlux apps on Windows. Affected component: org.springframework:spring-core. Under the conditions that the app uses Spring MVC or Spring WebFlux, serves static resour...

5.3CVSS5.4AI score0.00067EPSS

Exploits0References2Affected Software1