Lucene search
+L

17 matches found

osv
osv
added 2026/06/23 9:44 a.m.7 views

ROOT-APP-MAVEN-CVE-2026-22737 CVE-2026-22737 in io.root.org.springframework:spring-webmvc - Patched by Root

Root has patched CVE-2026-22737 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available...

5.9CVSS5.6AI score0.00385EPSS
Exploits1
ibm
ibm
added 2026/06/15 10:14 p.m.6 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Locking, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2026-22735, CVE-2026-22737)

Summary There are vulnerabilities in spring-web-6.2.15.jar, spring-webmvc-6.2.15.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22735, CVE-2026-22737. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-22735 DESCRIPTION: Spring MVC and WebFlux...

5.9CVSS5.1AI score0.00385EPSS
Exploits1Affected Software1
ibm
ibm
added 2026/04/29 1:24 p.m.16 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.13.1 Vulnerability Details CVEID:CVE-2026-22737 DESCRIPTION: Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of conten...

9.8CVSS8.7AI score0.47621EPSS
Exploits10Affected Software1
ibm
ibm
added 2026/04/27 9:3 a.m.15 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to issues in Spring

Summary There are vulnerabilities in Spring used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs CVE-2026-22732, CVE-2026-22735, CVE-2026-22737. Vulnerability Details CVEID:CVE-2026-22737 DESCRIPTION: Use of...

9.1CVSS6AI score0.0048EPSS
Exploits3Affected Software1
ibm
ibm
added 2026/04/27 7:44 a.m.12 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary Maximo AI Service uses lodash-4.17.21.tgz, tomcat-embed-core-10.1.49.jar, Markdown-3.7-py3-none-any.whl, spring-webmvc-6.2.14.jar, torch-2.10.0-cp311-cp311-manylinux228x8664.whl, and FlaskHTTPAuth-4.8.0-py3-none-any.whl, which are vulnerable to CVE-2025-13465, CVE-2025-66614,...

9.1CVSS7AI score0.01535EPSS
Exploits1Affected Software1
wolfi
wolfi
added 2026/04/01 1:48 a.m.9 views

CVE-2026-22737 vulnerabilities

Vulnerabilities for packages: thingsboard, apache-nifi-registry...

5.9CVSS6.2AI score0.00385EPSS
Exploits1
nessus
nessus
added 2026/03/23 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-22737

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from...

5.9CVSS6.1AI score0.00385EPSS
Exploits1References4
vulnersosv
vulnersosv
added 2026/03/20 2:41 a.m.7 views

ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +584 more potentially affected by CVE-2026-22737 via org.springframework:spring-webflux (>=7.0.0-M7 <=7.0.5)

org.springframework:spring-webflux MAVEN version =7.0.0-M7, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =2.0.8, =4.0.0.0-M2, =4.0.0.0-M2, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2026-22737 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-15701844...

5.9CVSS6AI score0.00385EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/03/20 2:41 a.m.8 views

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.1.1 <=0.120.0) +2906 more potentially affected by CVE-2026-22737 via org.springframework:spring-webflux (>=6.0.0 <=6.2.16)

org.springframework:spring-webflux MAVEN version =6.0.0, =0.2.0, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.6.0, =0.6.0, =1.0.0, =1.0.0, =0.2.2, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.6 and more Source cves: CVE-2026-22737 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-15701844...

5.9CVSS6AI score0.00385EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/03/20 2:41 a.m.11 views

acegisecurity:acegi-security (=0.7.0), acegisecurity:acegi-security-cas (=0.7.0) +4 more potentially affected by CVE-2026-22737 via springframework:spring-webmvc (>=1.1.3 <=1.2.1)

springframework:spring-webmvc MAVEN version =1.1.3, =1.0-rc2, =1.0-rc3 Source cves: CVE-2026-22737 Source advisory: SNYK:JAVA-SPRINGFRAMEWORK-15701846...

5.9CVSS6AI score0.00385EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/03/20 12:31 a.m.7 views

ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +584 more potentially affected by CVE-2026-22737 via org.springframework:spring-webflux (>=7.0.0-M7 <=7.0.5)

org.springframework:spring-webflux MAVEN version =7.0.0-M7, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =2.0.8, =4.0.0.0-M2, =4.0.0.0-M2, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2026-22737 Source advisory: OSV:GHSA-4773-3JFM-QMX3...

5.9CVSS6AI score0.00385EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/03/20 12:31 a.m.9 views

ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.114.0 <=0.120.0), ai.ancf.lmos:arc-runner (>=0.114.0 <=0.120.0) +1438 more potentially affected by CVE-2026-22737 via org.springframework:spring-webflux (>=6.2.0 <=6.2.16)

org.springframework:spring-webflux MAVEN version =6.2.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.6 - ai.telosforge:kimaira-util-webclient =1.2.6 and more Source cves: CVE-2026-22737 Source advisory:...

5.9CVSS6AI score0.00385EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/03/20 12:31 a.m.9 views

africa.absa:inception-application (>=1.1.0 <=1.2.0), africa.absa:inception-test (>=1.1.0 <=1.2.0) +1988 more potentially affected by CVE-2026-22737 via org.springframework:spring-webflux (>=5.3.0 <=5.3.39)

org.springframework:spring-webflux MAVEN version =5.3.0, =1.1.0, =1.1.0, =j11.2.6.0, =v0.3.12, =v0.3.12, =v0.3.12, =4.1.36, =4.1.36, =1.7, =1.0, =1.0.0, =1.0.1, =1.0.6 and more Source cves: CVE-2026-22737 Source advisory: OSV:GHSA-4773-3JFM-QMX3...

5.9CVSS6AI score0.00385EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/03/20 12:31 a.m.8 views

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.4.0) +6480 more potentially affected by CVE-2026-22737 via org.springframework:spring-webmvc (>=6.0.0 <=6.1.21)

org.springframework:spring-webmvc MAVEN version =6.0.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.5.0, =cloud-0.1, =cloud-0.2.1 and more Source cves: CVE-2026-22737 Source advisory: OSV:GHSA-4773-3JFM-QMX3...

5.9CVSS6AI score0.00385EPSS
Exploits1
ubuntucve
ubuntucve
added 2026/03/20 12:16 a.m.7 views

CVE-2026-22737

Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...

5.9CVSS5.8AI score0.00385EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/03/19 11:53 p.m.6 views

CVE-2026-22737

Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...

5.9CVSS5.7AI score0.00385EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2026/03/19 11:53 p.m.3 views

CVE-2026-22737 Spring Framework Improper Path Limitation with Script View Templates

Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0...

5.9CVSS5.8AI score0.00385EPSS
Exploits1References1
Rows per page
Query Builder