Lucene search
K

4 matches found

NVD
NVD
added 2026/06/09 5:16 a.m.15 views

CVE-2026-41849

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language SpEL. An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service DoS. Affected versions: Spring...

7.5CVSS0.00263EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/09 3:51 a.m.7 views

CVE-2026-41852

A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2....

5.3CVSS5.6AI score0.00164EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/09 3:51 a.m.9 views

CVE-2026-41849

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language SpEL. An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service DoS. Affected versions: Spring...

7.5CVSS5.5AI score0.00263EPSS
Exploits0
OSV
OSV
added 2017/03/15 12:0 p.m.30 views

RUSTSEC-2017-0003 Hostname verification skipped when custom root certs used

If custom root certificates were registered with a ClientBuilder, the hostname of the target server would not be validated against its presented leaf certificate. This issue was fixed by properly configuring the trust evaluation logic to perform that check...

5.3CVSS5.2AI score0.00654EPSS
Exploits0References3
Rows per page
Query Builder