109 matches found
Spring Boot Actuator Logview Directory Traversal
spring-boot-actuator-logview before version 0.2.13 contains a directory traversal vulnerability in libraries that adds a simple logfile viewer as a spring boot actuator endpoint maven package "eu.hinsch:spring-boot-actuator-logview". id: CVE-2021-21234 info: name: Spring Boot Actuator Logview...
ROOT-APP-MAVEN-CVE-2026-22733 CVE-2026-22733 in io.root.org.springframework.boot:spring-boot-starter-actuator - Patched by Root
Root has patched CVE-2026-22733 in the io.root.org.springframework.boot:spring-boot-starter-actuator package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-22731 CVE-2026-22731 in io.root.org.springframework.boot:spring-boot-starter-actuator - Patched by Root
Root has patched CVE-2026-22731 in the io.root.org.springframework.boot:spring-boot-starter-actuator package for Root:Maven. Multiple fixed versions available...
Security Bulletin: MongoDB Enterprised Advanced affected by: Authentication Bypass Using an Alternate Path or Channel (CVE-2026-22731, CVE-2026-22733)
Summary There are vulnerabilities in spring-boot-actuator-autoconfigure-3.5.9.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22731, CVE-2026-22733. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-22731 DESCRIPTION: Spring Boot applications with...
CVE-2026-11458
A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be...
CVE-2026-11458
A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be...
CVE-2026-11458 erzhongxmu JeeWMS Boot Actuator Endpoint actuator information disclosure
A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be...
CVE-2026-11458
A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be...
CVE-2026-11458 erzhongxmu JeeWMS Boot Actuator Endpoint actuator information disclosure
A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be...
EUVD-2026-34988
A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be...
CVE-2026-11458
CVE-2026-11458 affects erzhongxmu JeeWMS Boot Actuator Endpoint. The weakness involves the handling of the /base-boot/actuator path, where a manipulation can cause information disclosure. The vulnerability is exploitable remotely, and exploits have been made public. JeeWMS is on a rolling release...
JeeWMS 访问控制错误漏洞
JeeWMS is a JAVA-based warehouse management system developed by JeeWMS Corporation in China. There is an access control vulnerability in JeeWMS, which stems from issues with the handling of files in the /base-boot/actuator directory within the Boot Actuator Endpoint component. This vulnerability...
PT-2026-47180
A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be...
Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.
Summary Maximo AI Service uses mlflow-3.1.0-py3-none-any.whl, fast-xml-parser-4.5.3.tgz, nltk-3.9.1-py3-none-any.whl, tar-7.4.3.tgz, tar-7.5.9.tgz, PyJWT-2.10.1-py3-none-any.whl, pyasn1-0.6.2-py3-none-any.whl, fast-xml-parser-5.3.6.tgz, jackson-core-2.19.4.jar,...
Security Bulletin: Remediation of Multiple Spring Vulnerabilities in IBM Library Support for Spring
Summary Multiple Spring Vulnerabilities have been addressed in IBM Library Support for Spring Vulnerability Details CVEID:CVE-2026-22731 DESCRIPTION: Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires...
ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +773 more potentially affected by CVE-2026-22731 via org.springframework.boot:spring-boot-actuator (>=4.0.0-M1 <=4.0.3)
org.springframework.boot:spring-boot-actuator MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =3.1.0, =3.3.0 and more Source cves: CVE-2026-22731 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKBOOT-15701840...
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the configuration of endpoints under paths already assigned to Health Group additional paths. An attacker can gain unauthorized access to protected endpoints by sending reques...
ai.ancf.lmos:arc-runner (=0.114.0), ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0) +2251 more potentially affected by CVE-2026-22731 via org.springframework.boot:spring-boot-actuator (>=3.4.0 <=3.5.11)
org.springframework.boot:spring-boot-actuator MAVEN version =3.4.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =0.0.1, =0.1.0, =0.8.2 - cc.zzzyu.nacos:nacos-ai =3.1.1 and more Source cves: CVE-2026-22731 Source advisory:...
ai.ancf.lmos:arc-runner (>=0.1.1 <=0.114.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.6.0) +4715 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-actuator (>=3.0.0 <=3.5.11)
org.springframework.boot:spring-boot-actuator MAVEN version =3.0.0, =0.1.1, =0.0.4, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =cloud-0.1, =0.1.0, =0.0.1, =0.0.2 and more Source cves: CVE-2026-22733 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKBOOT-15701836...
ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +773 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-actuator (>=4.0.0-M1 <=4.0.3)
org.springframework.boot:spring-boot-actuator MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =3.1.0, =3.3.0 and more Source cves: CVE-2026-22733 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKBOOT-15701836...