Lucene search
+L

9 matches found

EUVD
EUVD
added 2026/06/10 12:31 a.m.19 views

EUVD-2026-35896

Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in the cookie and is us...

6.1CVSS5.5AI score0.00211EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 12:16 a.m.18 views

CVE-2026-40993

An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository saml2assertingpartymetadata may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials verificationcredentials and...

7.3CVSS0.00198EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

VMware Spring Security和Spring Authorization Server 输入验证错误漏洞

VMware Spring Security and Spring Authorization Server are both products of the American company VMware. VMware Spring Security is a security framework designed to provide descriptive security protections for Spring-based applications. Spring Authorization Server is a framework used to build secu...

6.1CVSS5.4AI score0.00172EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 11:47 p.m.3 views

CVE-2026-41008 Spring Security Authorization Server Open Redirect via request_uri

Spring Security Authorization Server's authorization endpoint performs insufficient validation of the requesturi parameter. An attacker can craft a malicious authorization request containing an invalid requesturi and an arbitrary, unvalidated redirecturi, which can lead to an Open Redirect...

6.1CVSS6AI score0.00172EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.31 views

PT-2026-48309

Name of the Vulnerable Software and Affected Versions Spring Security versions 7.0.0 through 7.0.5 Spring Authorization Server versions 1.5.0 through 1.5.7 Description The authorization endpoint performs insufficient validation of the request uri parameter. An attacker can craft a malicious...

6.1CVSS5.9AI score0.00172EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/20 12:31 a.m.9 views

Spring MVC and WebFlux has Server Sent Event stream corruption

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events SSE. This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...

2.6CVSS5.8AI score0.00112EPSS
Exploits0References3Affected Software2
Debian CVE
Debian CVE
added 2026/03/19 11:37 p.m.4 views

CVE-2026-22735

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events SSE. This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...

2.6CVSS4.7AI score0.00112EPSS
Exploits0
OSV
OSV
added 2023/02/16 7:15 p.m.4 views

CVE-2022-29054

A missing cryptographic steps vulnerability CWE-325 in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it...

3.3CVSS5.8AI score0.00174EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/02 12:0 a.m.12 views

PT-2022-21879 · Fortinet · Forticlient +1

Name of the Vulnerable Software and Affected Versions: FortiClient for Mac versions 7.0.0 through 7.0.5 Description: The issue allows a local authenticated attacker to obtain the SSL-VPN password in cleartext by running a logstream for the FortiTray process in the terminal, potentially exposing...

5.5CVSS5.1AI score0.00143EPSS
Exploits0References2
Rows per page
Query Builder