528 matches found
CVE-2026-41842
Spring MVC and WebFlux applications are vulnerable to Denial of Service DoS attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...
CVE-2026-41841 Spring Framework Information Disclosure via Static Resource Cache in Spring MVC and WebFlux
Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...
EUVD-2026-35328
Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...
CVE-2026-41841
Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...
CVE-2026-41841
CVE-2026-41841 affects Spring Framework versions 5.3.0–5.3.48; 6.1.0–6.1.27; 6.2.0–6.2.18; 7.0.0–7.0.7. It describes Information Disclosure via the static resource cache in Spring MVC and WebFlux when resolving static resources. The root cause and exact exploit path are not detailed in the provid...
PT-2026-47653
Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description Spring MVC and WebFlux applications are...
PT-2026-47652
Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description Spring MVC and WebFlux applications are...
Spring Framework Cross-site Scripting via JSP Form Tags
Spring MVC applications which accept user-supplied values in the cssClass , cssErrorClass , or cssStyle attributes of JSP tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting XSS vulnerability...
CVE-2026-41842: Spring Framework Denial of Service via Versioned Resources in Spring MVC and WebFlux
Spring MVC and WebFlux applications are vulnerable to Denial of Service DoS attacks when resolving static resources. More precisely, an application can be vulnerable when all the following are true: When all the conditions above are met, an attacker can send malicious requests that are slow to...
Security Bulletin: Due to use of spring-webmvc-6.2.17.jar, IBM Sterling Connect:Direct Web Services is vulnerable toDenial of Service attacks.
Summary spring-webmvc-6.2.17.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-22745. Vulnerability Details CVEID:CVE-2026-22745 DESCRIPTION: Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an...
CVE-2026-38939
Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the productcatalogue.php component...
CVE-2026-22741
A flaw was found in Spring MVC and Spring WebFlux applications. A remote attacker can exploit this vulnerability by sending malicious requests to poison the resource cache with incorrectly encoded resources. This can lead to a denial of service DoS by disrupting the front-end application for...
Linux Distros Unpatched Vulnerability : CVE-2026-22741
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all...
CVE-2026-38939
Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the productcatalogue.php component...
CVE-2026-38939
Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the productcatalogue.php component...
EUVD-2026-26387
Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the productcatalogue.php component...
CVE-2026-38939
Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the productcatalogue.php component...
PT-2026-36121
Cross Site Scripting vulnerability in andrewtch88 mvc-ecommerce v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the product catalogue.php component...
CVE-2026-38939
CVE-2026-38939 describes a Cross Site Scripting (XSS) vulnerability in the MVC-Ecommerce application by andrewtch88 (v.1.0) affecting the product_catalogue.php component. The NVD and related sources confirm the flaw but do not provide specific impacted versions beyond v.1.0, nor a confirmed patch...
GHSA-6P4F-WCWH-5VVM Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources
Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is serving static resources from...