
17 matches found

RedhatCVE
added 2026/05/14 10:2 a.m., 13 views

CVE-2026-40976

A flaw was found in Spring Boot. Under specific conditions, including being a servlet-based web application without custom Spring Security configuration and relying on the default web security filter chain, a remote attacker could bypass security. This allows unauthorized access to all applicatio...

9.1 CVSS, 5.8 AI score, 0.00489 EPSS
Exploits 0, References 4
NVD
added 2026/04/28 12:16 a.m., 6 views

CVE-2026-40976

In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter...

9.1 CVSS, 0.00489 EPSS
Exploits 0, References 4
ATTACKERKB
added 2026/04/27 11:34 p.m., 2 views

CVE-2026-40976

In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter...

9.1 CVSS, 5.3 AI score, 0.00489 EPSS
Exploits 0, References 2, Affected Software 1
EUVD
added 2026/04/27 11:34 p.m., 6 views

EUVD-2026-25940

In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter...

9.1 CVSS, 5.3 AI score, 0.00489 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/04/27 11:34 p.m., 3 views

CVE-2026-40976

In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter...

9.1 CVSS, 5.3 AI score, 0.00489 EPSS
Exploits 0, References 1
CVE
added 2026/04/27 11:34 p.m., 218 views

CVE-2026-40976

CVE-2026-40976 affects Spring Boot 4.0.0–4.0.5. In vulnerable configurations, a servlet-based web application that relies on Spring Boot’s default web security (no custom Spring Security config), depends on spring-boot-actuator-autoconfigure, and does not rely on spring-boot-health can experience...

9.1 CVSS, 5.3 AI score, 0.00489 EPSS
Exploits 0, References 4, Affected Software 1
Positive Technologies
added 2026/04/27 12:0 a.m., 5 views

PT-2026-35548

Name of the Vulnerable Software and Affected Versions: Spring Boot versions 4.0.0 through 4.0.5. Description: Default web security in certain configurations is ineffective, allowing unauthorized and unauthenticated access to all endpoints. This occurs when a servlet-based web application relies on t...

9.1 CVSS, 5.5 AI score, 0.00489 EPSS
Exploits 0, References 15
vulnersOsv
added 2026/03/20 12:41 a.m., 11 views

ai.ancf.lmos:arc-runner (=0.114.0), ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0) +2186 more potentially affected by CVE-2026-22731 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=3.4.0 <=3.5.11)

org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =3.4.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =0.0.1, =0.1.0, =0.8.2 - cc.zzzyu.nacos:nacos-ai =3.1.1 and more Source cves: CVE-2026-22731 Source advisory:...

8.2 CVSS, 7.2 AI score, 0.00334 EPSS
Exploits 0
vulnersOsv
added 2026/03/20 12:41 a.m., 9 views

ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +719 more potentially affected by CVE-2026-22731 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=4.0.0-M1 <=4.0.3)

org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =3.1.0, =3.3.0 and more Source cves: CVE-2026-22731 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKBOOT-15701...

8.2 CVSS, 7.2 AI score, 0.00334 EPSS
Exploits 0
Snyk
added 2026/03/20 12:41 a.m., 3 views

Authentication Bypass Using an Alternate Path or Channel

Overview: Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the configuration of endpoints under paths already assigned to Health Group additional paths. An attacker can gain unauthorized access to protected endpoints by sending reques...

9.2 CVSS, 5.7 AI score, 0.00334 EPSS
Exploits 0, References 2
vulnersOsv
added 2026/03/20 12:38 a.m., 9 views

ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +719 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=4.0.0-M1 <=4.0.3)

org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =3.1.0, =3.3.0 and more Source cves: CVE-2026-22733 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKBOOT-15701...

8.2 CVSS, 7.2 AI score, 0.0036 EPSS
Exploits 0
vulnersOsv
added 2025/04/24 12:0 a.m., 11 views

ai.ancf.lmos:arc-runner (=0.114.0), ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0) +1613 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=3.4.0 <=3.4.4)

org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =3.4.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =0.0.1, =0.1.0, =1.10.0, =1.14.0 and more Source cves: CVE-2025-22235 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKBOOT-9804539...

7.3 CVSS, 7 AI score, 0.00358 EPSS
Exploits 0
RedHat Linux
added 2023/12/06 11:30 p.m., 5 views

spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry

A flaw was found in Spring Boot. This specifically targets the 'spring-boot-actuator-autoconfigure' package. This issue occurs when an application is deployed to Cloud Foundry, which could be susceptible to a security bypass. Specifically, an application is vulnerable when all of the following are...

9.8 CVSS, 7.3 AI score, 0.01122 EPSS
Exploits 0, References 6
RedHat Linux
added 2023/09/13 3:40 p.m., 8 views

spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry

A flaw was found in Spring Boot. This specifically targets the 'spring-boot-actuator-autoconfigure' package. This issue occurs when an application is deployed to Cloud Foundry, which could be susceptible to a security bypass. Specifically, an application is vulnerable when all of the following are...

9.8 CVSS, 7.3 AI score, 0.01122 EPSS
Exploits 0, References 6
Veracode
added 2023/04/27 10:39 a.m., 82 views

Access Restriction Bypass

org.springframework.boot:spring-boot-actuator-autoconfigure is vulnerable to Access Restriction Bypass. The vulnerability is due to improper wild card matching, which allows a remote attacker to bypass access restrictions and gain access to the system. Please note that the vulnerability is only...

9.8 CVSS, 9 AI score, 0.01122 EPSS
Exploits 0, References 6, Affected Software 1
vulnersOsv
added 2023/04/20 9:33 p.m., 6 views

cc.zhaoac:faith-core-boot (>=1.0.0 <=1.0.1), cc.zhaoac:faith-core-launch (>=1.0.0 <=1.0.1) +1019 more potentially affected by CVE-2023-20873 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=2.7.0 <=2.7.10)

org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =2.7.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.0 - cc.zhaoac:faith-tool-boot =1.1.0 - cc.zhaoac:faith-tool-common =1.1.0 - cc.zhaoac:faith-tool-launch =1.1.0 - cc.zhaoac:faith-tool-log =1.1.0 -...

9.8 CVSS, 7.2 AI score, 0.01122 EPSS
Exploits 0
vulnersOsv
added 2023/04/20 9:33 p.m., 6 views

ai.foremast.metrics:foremast-spring-boot-k8s-metrics-starter (>=0.1.2 <=0.2.0), ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24) +5083 more potentially affected by CVE-2023-20873 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=2.0.0.RELEASE <=2.5.14)

org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =2.0.0.RELEASE, =0.1.2, =0.5.0, =0.5.21, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.24 and more Source cves: CVE-2023-20873 Source advisory: OSV:GHSA-G5H3-W5...

9.8 CVSS, 7.2 AI score, 0.01122 EPSS
Exploits 0