5 matches found
Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed
EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security; EndpointRequest.to has been used in a Spri...
CVE-2025-22235 Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed
EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security; EndpointRequest.to has been used in a Spri...
Better Errors Cross-Site Request Forgery Vulnerability
Better Errors is a better, more useful error page replacing the standard Rails error page. A cross-site request forgery vulnerability exists in versions prior to Better Errors 2.8.0, which stems from the software not implementing CSRF protection for its internal requests. It also did not enforce...
OPENSUSE-SU-2021:0265-1 Security update for privoxy
This update for privoxy fixes the following issues: - Update to version 3.0.31: - Security/Reliability boo1181650 - Prevent an assertion from getting triggered by a crafted CGI request. Commit 5bba5b89193fa. OVE-20210130-0001. CVE-2021-20217 Reported by: Joshua Rogers Opera - Fixed a memory leak...
Stop User Enumeration 1.2.4 - POST Request Protection Bypass
The Stop User Enumeration WordPress plugin was affected by a POST Request Protection Bypass security vulnerability...