33943 matches found

Vulnrichment
added 2026/05/07 3:55 a.m. | 7 views

CVE-2026-40981

When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...

7.5 CVSS | 5.8 AI score | 0.00435 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/07 3:55 a.m. | 5 views

CVE-2026-40981

When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...

7.5 CVSS | 5.8 AI score | 0.00435 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/05/07 3:53 a.m. | 56 views

CVE-2026-41002

The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...

7.2 CVSS | 0.0022 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/05/07 3:53 a.m. | 27 views

EUVD-2026-28248

The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...

7.2 CVSS | 5.8 AI score | 0.0022 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/07 3:53 a.m. | 6 views

CVE-2026-41002

The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...

7.2 CVSS | 5.8 AI score | 0.0022 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/05/07 3:51 a.m. | 40 views

CVE-2026-41004

When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterprise Support Only. Spring Cloud Config 4.1.x: affected from 4.1.0 throu...

4.4 CVSS | 0.00168 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/07 3:51 a.m. | 7 views

CVE-2026-41004

When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterprise Support Only. Spring Cloud Config 4.1.x: affected from 4.1.0 throu...

4.4 CVSS | 5.8 AI score | 0.00168 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/05/07 3:51 a.m. | 6 views

CVE-2026-41004

When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterprise Support Only. Spring Cloud Config 4.1.x: affected from 4.1.0 throu...

4.4 CVSS | 5.8 AI score | 0.00168 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/05/07 3:51 a.m. | 8 views

EUVD-2026-28250

When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterprise Support Only. Spring Cloud Config 4.1.x: affected from 4.1.0 throu...

4.4 CVSS | 5.8 AI score | 0.00168 EPSS
Exploits: 0 | References: 1

CVE
added 2026/05/07 3:51 a.m. | 23 views

CVE-2026-41004

The CVE-2026-41004 affects Spring Cloud Config Server when trace logging is enabled, exposing sensitive information in plain text in logs. All affected branches and versions include: Spring Cloud Config 3.1.x (3.1.0–3.1.13) with upgrade to 3.1.14+; 4.1.x (4.1.0–4.1.9) upgrade to 4.1.10+; 4.2.x (4...

4.4 CVSS | 5.8 AI score | 0.00168 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/05/07 3:49 a.m. | 40 views

CVE-2026-40982

Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...

9.1 CVSS | 0.00727 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/05/07 3:49 a.m. | 10 views

EUVD-2026-28246

Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...

9.1 CVSS | 5.9 AI score | 0.00727 EPSS
Exploits: 0 | References: 1

CVE
added 2026/05/07 3:49 a.m. | 27 views

CVE-2026-40982

Spring Cloud Config server (spring-cloud-config-server) is vulnerable to a directory-traversal issue that allows serving arbitrary text and binary files via crafted URLs. Affected versions: Spring Cloud Config 3.1.x (3.1.0–3.1.13); upgrade to 3.1.14+. 4.1.x (4.1.0–4.1.9); upgrade to 4.1.10+. 4.2....

9.1 CVSS | 5.9 AI score | 0.00727 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/05/07 3:49 a.m. | 8 views

CVE-2026-40982

Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...

9.1 CVSS | 5.9 AI score | 0.00727 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/07 3:49 a.m. | 5 views

CVE-2026-40982

Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...

9.1 CVSS | 5.9 AI score | 0.00727 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/05/07 3:47 a.m. | 9 views

CVE-2026-40004 openssl.cnf Privilege Escalation Vulnerability in ZTE Cloud PC Client uSmartview

There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges...

5.5 CVSS | 6.2 AI score | 0.00137 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/07 3:47 a.m. | 8 views

CVE-2026-40004

There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges...

5.5 CVSS | 6.2 AI score | 0.00137 EPSS
Exploits: 0 | References: 2

Cvelist
added 2026/05/07 3:47 a.m. | 49 views

CVE-2026-40004 openssl.cnf Privilege Escalation Vulnerability in ZTE Cloud PC Client uSmartview

There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges...

5.5 CVSS | 0.00137 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/05/07 3:47 a.m. | 15 views

EUVD-2026-28243

There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges...

5.5 CVSS | 6.2 AI score | 0.00137 EPSS
Exploits: 0 | References: 1

CVE
added 2026/05/07 3:47 a.m. | 27 views

CVE-2026-40004

Technical details about CVE-2026-40004 are not publicly provided in the supplied documents. No explicit affected products, versions, impact, or fixes are present here. Monitor for updates from vendors and security feeds for confirmation and remediation guidance.

7.8 CVSS | 6.2 AI score | 0.00137 EPSS
Exploits: 0 | References: 1 | Affected Software: 1