29 matches found
CVE-2026-32309
Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock flow explicitly supports hub+http and consumes Hub endpoints from vault metadata without enforcing HTTPS. As a result, a vault configuration can drive OAuth and key-loading traffic over...
K000160223: Spring cloud gateway vulnerability CVE-2025-41243
Security Advisory Description Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server...
EUVD-2025-34761
Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection...
GHSA-FWXX-WV44-7QFG Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection
The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...
Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection
The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...
CVE-2025-41253
The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...
CVE-2025-41253
CVE-2025-41253 affects Spring Cloud Gateway Server Webflux: SpEL-enabled routes and unsecured actuator web endpoints can expose environment variables and system properties. Webflux components are vulnerable; WebMVC is not. IBM bulletin lists remediation: upgrade IBM Library Support for Spring to ...
CVE-2025-41253 Spring Cloud Gateway Webflux SpEL Injection Vulnerability Allowing Exposure of Environment Variables
The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...
CVE-2025-41253 Spring Cloud Gateway Webflux SpEL Injection Vulnerability Allowing Exposure of Environment Variables
The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...
EUVD-2025-29611
Malicious code in bioql PyPI...
EUVD-2023-51283
Malicious code in bioql PyPI...
CVE-2025-41243
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...
Spring Expression language property modification using Spring Cloud Gateway Server WebFlux
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...
GHSA-Q2CJ-H8FW-Q4CC Spring Expression language property modification using Spring Cloud Gateway Server WebFlux
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...
CVE-2025-41243
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...
CVE-2025-41243
Spring Cloud Gateway Server Webflux is affected by a vulnerability where unsecured and exposed actuator endpoints allow modification of Spring Environment properties via SpEL, enabling configuration tampering. Affected component: Spring Cloud Gateway Server Webflux (WebFlux; WebMVC is not vulnera...
CVE-2025-41243 Spring Expression Language property modification using Spring Cloud Gateway Server WebFlux
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...
ALPINE-CVE-2025-32802
Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...
CVE-2023-47148
IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599...
GHSA-583G-G682-CRXF Micronaut management endpoints vulnerable to drive-by localhost attack
Summary Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. Details A...