Lucene search
K

358 matches found

Nuclei
Nuclei
added 14 hours ago18 views

Spring Cloud Gateway Server Webflux - Broken Access Control

Spring Cloud Gateway Server Webflux contains a vulnerability caused by unsecured and exposed actuator endpoints allowing modification of Spring Environment properties, letting attackers modify configuration, exploit requires unsecured actuator endpoints exposure. id: CVE-2025-41243 info: name:...

10CVSS7AI score0.03311EPSS
Exploits0References4
OSV
OSV
added 2026/06/23 9:44 a.m.11 views

ROOT-APP-MAVEN-CVE-2024-38816 CVE-2024-38816 in io.root.org.springframework:spring-webflux - Patched by Root

Root has patched CVE-2024-38816 in the io.root.org.springframework:spring-webflux package for Root:Maven. Multiple fixed versions available...

7.5CVSS7AI score0.14718EPSS
Exploits1
OSV
OSV
added 2026/06/23 9:44 a.m.10 views

ROOT-APP-MAVEN-CVE-2024-38819 CVE-2024-38819 in io.root.org.springframework:spring-webflux - Patched by Root

Root has patched CVE-2024-38819 in the io.root.org.springframework:spring-webflux package for Root:Maven. Multiple fixed versions available...

7.5CVSS6.2AI score0.54862EPSS
Exploits6
OSV
OSV
added 2026/06/22 12:34 p.m.13 views

ROOT-APP-MAVEN-CVE-2026-22740 CVE-2026-22740 in io.root.org.springframework:spring-webflux - Patched by Root

Root has patched CVE-2026-22740 in the io.root.org.springframework:spring-webflux package for Root:Maven. Multiple fixed versions available...

6.5CVSS5.4AI score0.00344EPSS
Exploits0
NVD
NVD
added 2026/06/15 9:17 p.m.7 views

CVE-2026-47825

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x fix 3.1.13. Spring Cloud Gateway 4.1.x fix 4.1.13. Spri...

8.6CVSS0.00139EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.32 views

PT-2026-49468

Name of the Vulnerable Software and Affected Versions Spring Cloud Gateway versions prior to 3.1.13 Spring Cloud Gateway versions prior to 4.1.13 Spring Cloud Gateway versions prior to 4.2.9 Spring Cloud Gateway versions prior to 4.3.5 Spring Cloud Gateway versions prior to 5.0.2 Description Spri...

8.6CVSS5.8AI score0.00139EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/12 2:35 p.m.9 views

CVE-2026-41843

A flaw was found in Spring Framework. Specifically, Spring MVC and WebFlux applications are vulnerable to a Path Traversal attack. This vulnerability allows a remote attacker to access sensitive files or directories on the server by manipulating requests for static resources. The successful...

5.9CVSS5.3AI score0.00341EPSS
Exploits0References5
Spring Security Advisories
Spring Security Advisories
added 2026/06/11 12:0 a.m.9 views

cve-2026-47825 - HIGH - Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations

cve-2026-47825 - HIGH - Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations...

8.6CVSS6.1AI score0.00139EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.12 views

CVE-2026-41840

Spring WebFlux applications are vulnerable to Denial of Service DoS attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.9CVSS5.4AI score0.00247EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:16 a.m.17 views

CVE-2026-41853

Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.3CVSS0.00186EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:16 a.m.15 views

CVE-2026-41847

Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. Affected versions: Spring Framework 5.3.0 through 5.3.48...

5.3CVSS0.00166EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:16 a.m.17 views

CVE-2026-41841

Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.9CVSS0.00313EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:16 a.m.18 views

CVE-2026-41842

Spring MVC and WebFlux applications are vulnerable to Denial of Service DoS attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

7.5CVSS0.00399EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:16 a.m.24 views

CVE-2026-41840

Spring WebFlux applications are vulnerable to Denial of Service DoS attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, 5.3.0 through 5.3.48...

5.9CVSS0.00247EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:16 a.m.13 views

CVE-2026-41839

A WebFlux application with a compromised subdomain for example, compromised via cross-site scripting XSS is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

4.2CVSS0.00197EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 5:16 a.m.11 views

UBUNTU-CVE-2026-41843

Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.9CVSS5.5AI score0.00341EPSS
Exploits0References3
OSV
OSV
added 2026/06/09 5:16 a.m.9 views

UBUNTU-CVE-2026-41847

Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. Affected versions: Spring Framework 5.3.0 through 5.3.48...

5.3CVSS5.4AI score0.00166EPSS
Exploits0References3
OSV
OSV
added 2026/06/09 5:16 a.m.13 views

UBUNTU-CVE-2026-41840

Spring WebFlux applications are vulnerable to Denial of Service DoS attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, 5.3.0 through 5.3.48...

5.9CVSS5.8AI score0.00247EPSS
Exploits0References3
OSV
OSV
added 2026/06/09 5:16 a.m.9 views

UBUNTU-CVE-2026-41839

A WebFlux application with a compromised subdomain for example, compromised via cross-site scripting XSS is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

4.2CVSS5.2AI score0.00197EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 3:51 a.m.41 views

CVE-2026-41853 Spring Framework Multipart Request Smuggling in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.3CVSS0.00186EPSS
Exploits0References1
Rows per page
Query Builder