Lucene search
K

21 matches found

Nuclei
Nuclei
added 18 hours ago15 views

Spring Cloud Gateway Server Webflux - Broken Access Control

Spring Cloud Gateway Server Webflux contains a vulnerability caused by unsecured and exposed actuator endpoints allowing modification of Spring Environment properties, letting attackers modify configuration, exploit requires unsecured actuator endpoints exposure. id: CVE-2025-41243 info: name:...

10CVSS7.3AI score0.03311EPSS
Exploits0References4
NVD
NVD
added 2026/06/17 11:17 p.m.11 views

CVE-2026-50201

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management.Endpoint prior to version 4.2.0 and Steeltoe.Management.EndpointCore prior to version 3.4.0, all Steeltoe actuator endpoints default to...

6.5CVSS0.00231EPSS
Exploits0References3
CVE
CVE
added 2026/06/17 9:46 p.m.20 views

CVE-2026-50201

CVE-2026-50201: Steeltoe's sensitive actuators (heapdump, environment, thread dump) default to EndpointPermissions.Restricted in Steeltoe.Management.Endpoint (pre-4.2.0) and Steeltoe.Management.EndpointCore (pre-3.4.0), mapping to CF read_basic_data. Sensitive endpoints are not upgraded to Endpoi...

6.5CVSS5.2AI score0.00231EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/20 12:31 a.m.5 views

EUVD-2026-13349

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This issue affects Spring Security: from 4.0.0 through 4.0.3, from...

8.2CVSS5.8AI score0.0036EPSS
Exploits0References2
NVD
NVD
added 2026/03/20 12:16 a.m.3 views

CVE-2026-22733

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This issue affects Spring Security: from 4.0.0 through 4.0.3, from...

8.2CVSS0.0036EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/17 4:55 p.m.4 views

CVE-2025-41253

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

7.5CVSS6.8AI score0.00435EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/10/16 3:30 p.m.10 views

Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

7.5CVSS6.8AI score0.00435EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2025/10/16 3:30 p.m.3 views

EUVD-2025-34761

Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection...

7.5CVSS6.7AI score0.00435EPSS
Exploits0References5
OSV
OSV
added 2025/10/16 3:30 p.m.4 views

GHSA-FWXX-WV44-7QFG Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

7.5CVSS5.9AI score0.00435EPSS
Exploits0References5
NVD
NVD
added 2025/10/16 3:15 p.m.8 views

CVE-2025-41253

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

7.5CVSS0.00435EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/16 2:25 p.m.3 views

CVE-2025-41253 Spring Cloud Gateway Webflux SpEL Injection Vulnerability Allowing Exposure of Environment Variables

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

7.5CVSS6.4AI score0.00435EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/16 2:25 p.m.12 views

CVE-2025-41253 Spring Cloud Gateway Webflux SpEL Injection Vulnerability Allowing Exposure of Environment Variables

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

7.5CVSS0.00435EPSS
Exploits0References2
Veracode
Veracode
added 2025/10/10 9:7 a.m.9 views

Remote Code Execution

org.springframework.cloud, spring-cloud-gateway-server is vulnerable to Remote Code Execution. The vulnerability is due to exposed actuator endpoints evaluating user-controlled input via the GatewayEvaluationContext, allowing attackers to modify Spring Environment properties when the actuator...

10CVSS8.1AI score0.03311EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2025/09/16 2:54 p.m.2 views

CVE-2025-41243 Spring Expression Language property modification using Spring Cloud Gateway Server WebFlux

Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...

10CVSS6.5AI score0.03311EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/16 2:54 p.m.9 views

CVE-2025-41243 Spring Expression Language property modification using Spring Cloud Gateway Server WebFlux

Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...

10CVSS0.03311EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/08/08 8:40 a.m.108 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947 Spring Cloud Gateway Vulnerability Demonstratio...

10CVSS8AI score0.98253EPSS
Exploits54
Veracode
Veracode
added 2025/05/06 6:40 a.m.16 views

Missing Authorization

org.springframework.boot is vulnerable to Missing Authorization. The vulnerability is due to incorrect request matching caused by EndpointRequest.to creating a matcher for null/ when the targeted actuator endpoint is disabled or not exposed, which allows unprotected access to the /null path...

7.3CVSS6.6AI score0.00358EPSS
Exploits0References4Affected Software2
Vulnrichment
Vulnrichment
added 2022/09/30 2:35 p.m.6 views

CVE-2022-23726

PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information...

5.4CVSS5.7AI score0.0056EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/09/30 2:35 p.m.27 views

CVE-2022-23726

PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information...

5.4CVSS5.9AI score0.0056EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/09/30 12:0 a.m.4 views

PT-2022-16230 · Unknown · Spring Boot +1

Name of the Vulnerable Software and Affected Versions: PingCentral versions prior to listed versions Description: The issue exposes Spring Boot actuator endpoints, which can return large amounts of sensitive environmental and application information when accessed with administrative authenticatio...

5.4CVSS5.1AI score0.0056EPSS
Exploits0References4
Rows per page
Query Builder