Lucene search
K

8 matches found

NVD
NVD
added 2026/06/09 5:16 a.m.17 views

CVE-2026-41851

Applications which accept user-supplied Spring Expression Language SpEL expressions may be vulnerable to a Denial of Service DoS attack if the evaluation of a SpEL expression triggers unbounded cache growth. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

7.5CVSS0.0036EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 5:16 a.m.7 views

UBUNTU-CVE-2026-41851

Applications which accept user-supplied Spring Expression Language SpEL expressions may be vulnerable to a Denial of Service DoS attack if the evaluation of a SpEL expression triggers unbounded cache growth. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

7.5CVSS5.4AI score0.0036EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 3:51 a.m.8 views

CVE-2026-41851 Spring Framework Denial of Service via Unbounded Cache in SpEL

Applications which accept user-supplied Spring Expression Language SpEL expressions may be vulnerable to a Denial of Service DoS attack if the evaluation of a SpEL expression triggers unbounded cache growth. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

5.3CVSS5.4AI score0.0036EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:51 a.m.11 views

EUVD-2026-35339

Applications which accept user-supplied Spring Expression Language SpEL expressions may be vulnerable to a Denial of Service DoS attack if the evaluation of a SpEL expression triggers unbounded cache growth. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

7.5CVSS5.4AI score0.0036EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-47662

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description Applications that accept user-supplied Sprin...

7.5CVSS5.8AI score0.0036EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.12 views

PT-2026-45026

Impact DNSCache. async add inserted every response record into cache, expirations, expire heap, and service cache with no cap on entry count. The only pre-existing protection was a PTR TTL floor DNS PTR MIN TTL = 1125 s, RFC 6762 §10, which actually prolonged attacker-injected records, and a...

6.5CVSS5.8AI score0.00023EPSS
Exploits0References16
OSV
OSV
added 2026/05/08 5:13 p.m.6 views

GHSA-QXHC-WX3P-2WMG @fastify/accepts-serializer Vulnerable to Denial of Service via Unbounded Accept Header Cache Growth

Impact @fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded. Under sustained load,...

7.5CVSS5.8AI score0.00284EPSS
Exploits0References4
Veracode
Veracode
added 2025/04/23 1:57 p.m.8 views

Denial Of Service (DoS)

vllm is vulnerable to Denial of Service DoS. The vulnerability is due to unbounded in-memory cache growth due to allowing unique schema requests to continually populate the grammar cache, potentially exhausting system RAM...

7AI score
Exploits0
Rows per page
Query Builder