Lucene search
K

528 matches found

Debian CVE
Debian CVE
added 2026/06/09 3:50 a.m.13 views

CVE-2026-41842

Spring MVC and WebFlux applications are vulnerable to Denial of Service DoS attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

7.5CVSS5.5AI score0.00399EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/09 3:50 a.m.8 views

CVE-2026-41841 Spring Framework Information Disclosure via Static Resource Cache in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.9CVSS5.5AI score0.00313EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:50 a.m.11 views

EUVD-2026-35328

Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.9CVSS5.5AI score0.00313EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/09 3:50 a.m.10 views

CVE-2026-41841

Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.9CVSS5.5AI score0.00313EPSS
Exploits0
CVE
CVE
added 2026/06/09 3:50 a.m.43 views

CVE-2026-41841

CVE-2026-41841 affects Spring Framework versions 5.3.0–5.3.48; 6.1.0–6.1.27; 6.2.0–6.2.18; 7.0.0–7.0.7. It describes Information Disclosure via the static resource cache in Spring MVC and WebFlux when resolving static resources. The root cause and exact exploit path are not detailed in the provid...

5.9CVSS5.5AI score0.00313EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47653

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description Spring MVC and WebFlux applications are...

7.5CVSS5.8AI score0.00399EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-47652

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description Spring MVC and WebFlux applications are...

5.9CVSS5.5AI score0.00313EPSS
Exploits0References9
Spring Security Advisories
Spring Security Advisories
added 2026/06/08 12:0 a.m.4 views

Spring Framework Cross-site Scripting via JSP Form Tags

Spring MVC applications which accept user-supplied values in the cssClass , cssErrorClass , or cssStyle attributes of JSP tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting XSS vulnerability...

5.9CVSS5.7AI score0.0014EPSS
Exploits0References1Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2026/06/08 12:0 a.m.6 views

CVE-2026-41842: Spring Framework Denial of Service via Versioned Resources in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Denial of Service DoS attacks when resolving static resources. More precisely, an application can be vulnerable when all the following are true: When all the conditions above are met, an attacker can send malicious requests that are slow to...

7.5CVSS5.3AI score0.00399EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/06 1:36 p.m.9 views

Security Bulletin: Due to use of spring-webmvc-6.2.17.jar, IBM Sterling Connect:Direct Web Services is vulnerable toDenial of Service attacks.

Summary spring-webmvc-6.2.17.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-22745. Vulnerability Details CVEID:CVE-2026-22745 DESCRIPTION: Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an...

5.3CVSS5.5AI score0.00341EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-38939

Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the productcatalogue.php component...

6.1CVSS6AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:47 a.m.6 views

CVE-2026-22741

A flaw was found in Spring MVC and Spring WebFlux applications. A remote attacker can exploit this vulnerability by sending malicious requests to poison the resource cache with incorrectly encoded resources. This can lead to a denial of service DoS by disrupting the front-end application for...

5.9CVSS5.8AI score0.00236EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-22741

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all...

3.1CVSS6AI score0.00236EPSS
Exploits0References4
NVD
NVD
added 2026/04/30 4:16 p.m.6 views

CVE-2026-38939

Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the productcatalogue.php component...

6.1CVSS0.00214EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/30 12:0 a.m.30 views

CVE-2026-38939

Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the productcatalogue.php component...

0.00214EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/30 12:0 a.m.5 views

EUVD-2026-26387

Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the productcatalogue.php component...

6.1CVSS5.7AI score0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/30 12:0 a.m.6 views

CVE-2026-38939

Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the productcatalogue.php component...

5.7AI score0.00214EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.6 views

PT-2026-36121

Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the product catalogue.php component...

6.1CVSS5.7AI score0.00214EPSS
Exploits0References2
CVE
CVE
added 2026/04/30 12:0 a.m.26 views

CVE-2026-38939

CVE-2026-38939 describes a Cross Site Scripting (XSS) vulnerability in the MVC-Ecommerce application by andrewtch88 (v.1.0) affecting the product_catalogue.php component. The NVD and related sources confirm the flaw but do not provide specific impacted versions beyond v.1.0, nor a confirmed patch...

6.1CVSS5.7AI score0.00214EPSS
Exploits0References1
OSV
OSV
added 2026/04/29 12:33 p.m.7 views

GHSA-6P4F-WCWH-5VVM Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources

Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is serving static resources from...

5.3CVSS5.8AI score0.00341EPSS
Exploits0References3
Rows per page
Query Builder