Nette Framework - Remote Code Execution

Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework. id: CVE-2020-15227 info: name: Nette Framework - Remote Code Execution author:...

Spring MVC Framework - Local File Inclusion

Spring MVC Framework versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported are vulnerable to local file inclusion because they allow applications to configure Spring MVC to serve static resources e.g. CSS, JS, images. A malicious user can send a request using a...

DEBIAN-CVE-2026-12892

A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NAL units, a 1-byte heap out-of-bounds read can occur during parsing. This happens when the parser attempts to check slice boundary...

CVE-2026-12892

A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NAL units, a 1-byte heap out-of-bounds read can occur during parsing. This happens when the parser attempts to check slice boundary...

ROOT-APP-MAVEN-CVE-2026-22745 CVE-2026-22745 in io.root.org.springframework:spring-webmvc - Patched by Root

Root has patched CVE-2026-22745 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available...

Security Bulletin: MongoDB Enterprised Advanced affected by: Use of Cache Containing Sensitive Information (CVE-2026-22741)

Summary There are vulnerabilities in spring-webmvc-6.2.17.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22741. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-22741 DESCRIPTION: Spring MVC and WebFlux applications are vulnerable to cache...

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview org.springframework.data:spring-data-rest-webmvc is a maven plugin for Spring Data REST - WebMVC. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' in the processing of...

CVE-2026-41853

Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

CVE-2026-41841

Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

UBUNTU-CVE-2026-41842

Spring MVC and WebFlux applications are vulnerable to Denial of Service DoS attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

CVE-2026-41853 Spring Framework Multipart Request Smuggling in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

CVE-2026-41853 Spring Framework Multipart Request Smuggling in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

CVE-2026-41846

Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting XSS vulnerability. Affected versions: Spring Framework 7.0.0 through...

CVE-2026-41843 Spring Framework Path Traversal via Versioned Static Resources in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

CVE-2026-41843 Spring Framework Path Traversal via Versioned Static Resources in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

EUVD-2026-35331

Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

CVE-2026-41843

CVE-2026-41843 affects Spring Framework, specifically Spring MVC and WebFlux, where path traversal can occur when resolving static resources. Affected versions include 7.0.0–7.0.7, 6.2.0–6.2.18, 6.1.0–6.1.27, and 5.3.0–5.3.48. The connected documents confirm the vulnerability class as path traver...

CVE-2026-41842 Spring Framework Denial of Service via Versioned Resources in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Denial of Service DoS attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

CVE-2026-41842

Spring MVC and WebFlux applications are vulnerable to Denial of Service DoS attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

CVE-2026-41841 Spring Framework Information Disclosure via Static Resource Cache in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...