16 matches found

vulnersOsv
added 2026/03/19 12:0 a.m. | 11 views

acegisecurity:acegi-security (=0.7.0), acegisecurity:acegi-security-cas (=0.7.0) +5 more potentially affected by CVE-2026-22735 via springframework:spring-web (>=1.0.1 <=1.2.1)

springframework:spring-web MAVEN version =1.0.1, =1.0-rc2, =1.0-rc3 Source cves: CVE-2026-22735 Source advisory: SNYK:JAVA-SPRINGFRAMEWORK-15701758...

CVSS 2.6 | AI score 5.8 | EPSS 0.00092 | Exploits 0
vulnersOsv
added 2026/03/19 12:0 a.m. | 7 views

acegisecurity:acegi-security (=0.7.0), acegisecurity:acegi-security-cas (=0.7.0) +4 more potentially affected by CVE-2026-22735 via springframework:spring-webmvc (>=1.1.3 <=1.2.1)

springframework:spring-webmvc MAVEN version =1.1.3, =1.0-rc2, =1.0-rc3 Source cves: CVE-2026-22735 Source advisory: SNYK:JAVA-SPRINGFRAMEWORK-15701757...

CVSS 2.6 | AI score 5.8 | EPSS 0.00092 | Exploits 0
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-2081

Malicious code in bioql PyPI...

CVSS 5 | AI score 6.4 | EPSS 0.00248 | Exploits 1 | References 8
vulnersOsv
added 2023/07/28 3:30 p.m. | 2 views

cn.sinapp.meutils:me-utils (=1.0), com.gnizr:gnizr-robot (=2.4.0-M4) +40 more potentially affected by CVE-2023-39022 via opensymphony:oscore (>=2.2.4 <=2.2.6)

opensymphony:oscore MAVEN version =2.2.4, =2.0, =2.1.5, =1.1.1, =1.1.3, =1.2, =1.2.3 and more Source cves: CVE-2023-39022 Source advisory: OSV:GHSA-859M-2PFX-FWHF...

CVSS 9.8 | AI score 7.2 | EPSS 0.00143 | Exploits 1
vulnersOsv
added 2022/07/20 12:0 a.m. | 7 views

acegisecurity:acegi-security (=0.7.0), acegisecurity:acegi-security-cas (=0.7.0) +9015 more potentially affected by CVE-2022-34169 via xalan:xalan (>=2.3.1 <=2.7.2)

xalan:xalan MAVEN version =2.3.1, =1.3, =0.2.0, =0.2.0, =4.1.3, =19.9.0, =19.9.4, =0.0.1, =0.0.3 and more Source cves: CVE-2022-34169 Source advisory: OSV:GHSA-9339-86WC-4QGF...

CVSS 7.5 | AI score 6.8 | EPSS 0.10953 | Exploits 2
vulnersOsv
added 2022/05/17 5:23 a.m. | 5 views

acegisecurity:acegi-security-resin (=0.9.0), ch.qos.logback:logback-access (>=${parent.version} <=0.3) +3 more potentially affected by CVE-2012-2966 via com.caucho:resin (=3.0.9)

com.caucho:resin MAVEN version =3.0.9 is affected by a known vulnerability. The following packages have a transitive dependency on com.caucho:resin and may be impacted: - acegisecurity:acegi-security-resin =0.9.0 - ch.qos.logback:logback-access =$parent.version, =2.3.0, =1.0.0, =2.0.0, =2.0.4...

CVSS 7.5 | AI score 5.8 | EPSS 0.01519 | Exploits 0
OSV
added 2022/05/14 2:43 a.m. | 2 views

GHSA-3295-H9QX-R82X Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server WAS 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter...

CVSS 5 | AI score 5.9 | EPSS 0.00248 | Exploits 1 | References 3
vulnersOsv
added 2022/05/14 2:43 a.m. | 2 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +2157 more potentially affected by CVE-2010-3700 via org.acegisecurity:acegi-security (>=1.0.0 <=1.0.7)

org.acegisecurity:acegi-security MAVEN version =1.0.0, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.1, =0.1.0, =1.0, =1.17.3 and more Source cves: CVE-2010-3700 Source advisory: OSV:GHSA-3295-H9QX-R82X...

CVSS 5 | AI score 5.8 | EPSS 0.00248 | Exploits 1
Github Security Blog
added 2022/05/14 2:43 a.m. | 43 views

Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server WAS 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter...

CVSS 5 | AI score 5.7 | EPSS 0.00248 | Exploits 1 | References 4 | Affected Software 2
vulnersOsv
added 2022/05/01 6:24 p.m. | 3 views

berkano:bean-displaytag (>=20050615.234814 <=20050616.015551), berkano:berkano-util (>=dev-20050722 <=dev-20050723) +28 more potentially affected by CVE-2007-4556 via opensymphony:xwork (>=1.0.3 <=1.2.2)

opensymphony:xwork MAVEN version =1.0.3, =20050615.234814, =dev-20050722, =2.1.5, =1.1.3, =1.0-alpha-1, =1.1-beta-1, =1.1-beta-1, =1.0-beta-2, =1.0-beta-3 - org.codehaus.jet:jet-web-engine =1.0-beta-2 and more Source cves: CVE-2007-4556 Source advisory: OSV:GHSA-H7MF-QRM9-2848...

CVSS 6.8 | AI score 5.8 | EPSS 0.02109 | Exploits 0
vulnersOsv
added 2020/06/05 4:13 p.m. | 4 views

acegisecurity:acegi-security-domain (=0.9.0), ai.databand.azkaban:azkaban-web-server (=3.18.0) +16272 more potentially affected by CVE-2020-10683 via dom4j:dom4j (>=1.1 <=1.6.1)

dom4j:dom4j MAVEN version =1.1, =1.4.1, =1.4.1, =1.2.0, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =0.6.1, =1.0.0, =1.4.1, =1.4.1, =1.4.3 and more Source cves: CVE-2020-10683 Source advisory: OSV:GHSA-HWJ3-M3P6-HJ38...

CVSS 9.8 | AI score 6.7 | EPSS 0.0696 | Exploits 0
NVD
added 2010/10/29 7:0 p.m. | 14 views

CVE-2010-3700

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server WAS 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter...

CVSS 5 | AI score 6.4 | EPSS 0.00248 | Exploits 1 | References 6
Prion
added 2010/10/29 7:0 p.m. | 19 views

Design/Logic Flaw

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server WAS 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter...

CVSS 5 | AI score 6.9 | EPSS 0.00248 | Exploits 1 | References 6 | Affected Software 3
CVE
added 2010/10/29 6:0 p.m. | 99 views

CVE-2010-3700

CVE-2010-3700 affects Spring Security (SpringSource) 2.x up to 2.0.5 and 3.x up to 3.0.3, and Acegi Security 1.0.0–1.0.7, notably when used in IBM WebSphere Application Server 6.1/7.0. The root cause is that URL path parameters are not consistently excluded from getPathInfo(), allowing an attacke...

CVSS 5 | AI score 6.5 | EPSS 0.00248 | Exploits 1 | References 6 | Affected Software 3
Cvelist
added 2010/10/29 6:0 p.m. | 25 views

CVE-2010-3700

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server WAS 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter...

AI score 6.4 | EPSS 0.00248 | Exploits 1 | References 6
Packet Storm
added 2010/10/28 12:0 a.m. | 65 views

Spring Security Security Constraint Bypass

CVE-2010-3700 - Spring Security - Bypassing of security constraints. Severity: Important. Vendor: SpringSource, a division of VMware. Versions affected: Spring Security 3.0.0 to 3.0.3, Spring Security 2.0.0 to 2.0.5, Acegi Security 1.0.0 to 1.0.7. Description: Spring Security does not consider URL path...

CVSS 5 | AI score 6.6 | EPSS 0.00248 | Exploits 1