CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 3 days ago•6 views

EUVD-2026-33727

Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...

8.1CVSS5.9AI score0.00032EPSS

CNNVD•added 3 days ago•4 views

CloudFoundry CF Deployment security vulnerabilities

CloudFoundry CF Deployment is a code deployment component of the CloudFoundry Foundation. There is a security vulnerability in CloudFoundry CF Deployment, which stems from a bypass of input validation during SMB volume mounting processes. This vulnerability could allow developers with low...

8.1CVSS6AI score0.00032EPSS

CNNVD•added 2026/05/01 12:0 a.m.•3 views

CloudFoundry CF Deployment 和CloudFoundry Routing release 安全漏洞

CloudFoundry CF Deployment and CloudFoundry Routing are both products of the CloudFoundry Foundation. CloudFoundry CF Deployment is a code deployment component. CloudFoundry Routing release is a collection of application routing components. Both CloudFoundry CF Deployment and CloudFoundry Routing...

5CVSS5.9AI score0.00048EPSS

Vulnrichment•added 2026/04/30 11:17 p.m.•1 views

CVE-2026-22726 Route Services Firewall Bypass

Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks...

5CVSS5.8AI score0.00048EPSS

IBM Security Bulletins•added 2026/04/20 2:26 p.m.•3 views

Security Bulletin: DevOps Test Performance contains a vulnerability due to use of Spring Boot

Summary Due to use of Spring Boot, DevOps Test Performance and Rational Performance Tester contain a potential authentication bypass vulnerability. Vulnerability Details CVEID:CVE-2026-22731 DESCRIPTION: Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass"...

Exploits0Affected Software1

Snyk•added 2026/03/20 12:38 a.m.•2 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the Actuator CloudFoundry endpoints. An attacker can gain unauthorized access to protected endpoints by sending requests to application endpoints declared under the CloudFound...

9.2CVSS5.8AI score0.00036EPSS

Snyk•added 2026/03/20 12:38 a.m.•3 views

Authentication Bypass Using an Alternate Path or Channel

9.2CVSS5.8AI score0.00036EPSS

OSV•added 2026/03/20 12:31 a.m.•0 views

GHSA-MGVC-8Q2H-5PGC Spring Boot has an Authentication Bypass under Actuator CloudFoundry endpoints

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This issue affects Spring Security: from 4.0.0 through 4.0.3, from...

8.2CVSS5.9AI score0.00036EPSS

Exploits0References3

Github Security Blog•added 2026/03/20 12:31 a.m.•2 views

Spring Boot has an Authentication Bypass under Actuator CloudFoundry endpoints

Exploits0References3Affected Software1

EUVD•added 2026/03/20 12:31 a.m.•2 views

EUVD-2026-13349

NVD•added 2026/03/20 12:16 a.m.•1 views

CVE-2026-22733

8.2CVSS0.00036EPSS

ATTACKERKB•added 2026/03/19 11:29 p.m.•4 views

CVE-2026-22733

Exploits0References2Affected Software1

Vulnrichment•added 2026/03/19 11:29 p.m.•1 views

CVE-2026-22733 Authentication Bypass under Actuator CloudFoundry endpoints

CVE•added 2026/03/19 11:29 p.m.•40 views

CVE-2026-22733

Summary of CVE-2026-22733 : Affected are Spring Boot applications using Actuator with a misconfigured endpoint under the CloudFoundry Actuator path. The issue is described as an Authentication Bypass in several Spring Security versions (2.7.0–2.7.31, 3.3.0–3.3.17, 3.4.0–3.4.14, 3.5.0–3.5.11, 4.0....

Exploits0References1Affected Software1

Cvelist•added 2026/03/19 11:29 p.m.•17 views

CVE-2026-22733 Authentication Bypass under Actuator CloudFoundry endpoints

8.2CVSS0.00036EPSS

Positive Technologies•added 2026/03/19 12:0 a.m.•2 views

PT-2026-26453

Name of the Vulnerable Software and Affected Versions Spring Security versions 4.0.0 through 4.0.3 Spring Security versions 3.5.0 through 3.5.11 Spring Security versions 3.4.0 through 3.4.14 Spring Security versions 3.3.0 through 3.3.17 Spring Security versions 2.7.0 through 2.7.31 Description...

8.2CVSS7.2AI score0.00036EPSS

Exploits0References9

RedhatCVE•added 2026/03/07 1:43 a.m.•1 views

CVE-2026-22723

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...

6.5CVSS5.8AI score0.0008EPSS

Snyk•added 2026/03/05 9:30 p.m.•0 views

Comparison Using Wrong Factors

Overview org.cloudfoundry.identity:cloudfoundry-identity-server is a Cloud Foundry User Account and Authentication UAA Server. Affected versions of this package are vulnerable to Comparison Using Wrong Factors due to a logic error in the token revocation endpoint implementation. An attacker can...

6.5CVSS5.8AI score0.0008EPSS

OSV•added 2026/03/05 9:16 p.m.•1 views

CVE-2026-22723

Inappropriate user token revocation due to a logic error in the token revocation endpoint implementation in Cloudfoundry UAA v77.30.0 to v78.7.0 and in Cloudfoundry Deployment v48.7.0 to v54.10.0...

6.5CVSS5.9AI score0.0008EPSS