Lucene search
+L

59 matches found

NVD
NVD
added 3 days ago6 views

CVE-2026-22752

Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server. This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10...

9.6CVSS0.00425EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-44904

Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server. This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10...

9.6CVSS6.1AI score0.00425EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-22752 Spring Security Authorization Server Dynamic Client Registration endpoints perform insufficient validation of client metadata

Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server. This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10...

9.6CVSS0.00425EPSS
Exploits0References1
CVE
CVE
added 3 days ago18 views

CVE-2026-22752

CVE-2026-22752 affects Spring Authorization Server dynamic client registration: versions 7.0.0–7.0.4, 1.5.0–1.5.6, 1.4.0–1.4.9, and 1.3.0–1.3.10, with insufficient validation of client metadata during dynamic registration. This can lead to Stored XSS, SSRF, or Privilege Escalation depending on co...

9.6CVSS6.1AI score0.00425EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2026/07/10 6:14 a.m.6 views

K000162176: Spring authorization server vulnerability CVE-2026-22752

Security Advisory Description The cve record for the cve id does not exist. CVE-2026-22752 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for potential vulnerability, and...

9.6CVSS6.1AI score0.00425EPSS
Exploits0
Veracode
Veracode
added 2026/06/17 9:30 a.m.13 views

Open Redirect

Spring Authorization Server is vulnerable to Open Redirect. The vulnerability is due to insufficient validation of the requesturi parameter at the authorization endpoint, where a malicious authorization request can include an invalid requesturi and an attacker-controlled redirecturi, resulting in...

6.1CVSS5.4AI score0.00172EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.10 views

CVE-2026-41008

Spring Security Authorization Server's authorization endpoint performs insufficient validation of the requesturi parameter. An attacker can craft a malicious authorization request containing an invalid requesturi and an arbitrary, unvalidated redirecturi, which can lead to an Open Redirect...

6.1CVSS5.5AI score0.00172EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 12:31 a.m.12 views

EUVD-2026-35888

Spring Security Authorization Server's authorization endpoint performs insufficient validation of the requesturi parameter. An attacker can craft a malicious authorization request containing an invalid requesturi and an arbitrary, unvalidated redirecturi, which can lead to an Open Redirect...

6.1CVSS5.5AI score0.00172EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 12:16 a.m.17 views

CVE-2026-41008

Spring Security Authorization Server's authorization endpoint performs insufficient validation of the requesturi parameter. An attacker can craft a malicious authorization request containing an invalid requesturi and an arbitrary, unvalidated redirecturi, which can lead to an Open Redirect...

6.1CVSS0.00172EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.20 views

VMware Spring Security和Spring Authorization Server 输入验证错误漏洞

VMware Spring Security and Spring Authorization Server are both products of the American company VMware. VMware Spring Security is a security framework designed to provide descriptive security protections for Spring-based applications. Spring Authorization Server is a framework used to build secu...

6.1CVSS5.4AI score0.00172EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:47 p.m.9 views

CVE-2026-41008 Spring Security Authorization Server Open Redirect via request_uri

Spring Security Authorization Server's authorization endpoint performs insufficient validation of the requesturi parameter. An attacker can craft a malicious authorization request containing an invalid requesturi and an arbitrary, unvalidated redirecturi, which can lead to an Open Redirect...

6.1CVSS5.3AI score0.00172EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 11:47 p.m.37 views

CVE-2026-41008 Spring Security Authorization Server Open Redirect via request_uri

Spring Security Authorization Server's authorization endpoint performs insufficient validation of the requesturi parameter. An attacker can craft a malicious authorization request containing an invalid requesturi and an arbitrary, unvalidated redirecturi, which can lead to an Open Redirect...

6.1CVSS0.00172EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:47 p.m.32 views

CVE-2026-41008

CVE-2026-41008 affects Spring Security and Spring Authorization Server. The vulnerability arises from insufficient validation of the request_uri parameter at the authorization endpoint, allowing an attacker to craft a malicious authorization request with an invalid request_uri and an unvalidated ...

6.1CVSS5.5AI score0.00172EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2026/06/09 11:47 p.m.3 views

CVE-2026-41008 Spring Security Authorization Server Open Redirect via request_uri

Spring Security Authorization Server's authorization endpoint performs insufficient validation of the requesturi parameter. An attacker can craft a malicious authorization request containing an invalid requesturi and an arbitrary, unvalidated redirecturi, which can lead to an Open Redirect...

6.1CVSS6AI score0.00172EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.31 views

PT-2026-48309

Name of the Vulnerable Software and Affected Versions Spring Security versions 7.0.0 through 7.0.5 Spring Authorization Server versions 1.5.0 through 1.5.7 Description The authorization endpoint performs insufficient validation of the request uri parameter. An attacker can craft a malicious...

6.1CVSS5.9AI score0.00172EPSS
Exploits0References5
Spring Security Advisories
Spring Security Advisories
added 2026/05/05 12:0 a.m.8 views

This Week in Spring - May 5th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's May 5th, 2026, and I'm in Mainz, Germany, for the legendary JAX conference! It's been infinitely far too long since I've been at this amazing show, and I'm oh-so happy to be back here! Tonight, after my two talks here, I...

5.8AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2025/12/23 12:0 a.m.27 views

This Week in Spring – December 23rd, 2025

Happy holidays, everyone! The year may be winding down, but the Spring ecosystem continues unabated. We’re now a few weeks past the generational Spring Boot 4.0 release in November, and there have been tons of releases and patches since then. There’s also equal excitement reflected in posts from...

6.8AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2025/12/16 12:0 a.m.10 views

This Week in Spring – December 16th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it’s been! We’ve got around nine shopping days ’til Christmas, and the New Year is almost here! Things are moving so quickly and the Spring community is no exception! Let's dive into this week's wonderful...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-1035

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00522EPSS
Exploits0References4
Spring Security Advisories
Spring Security Advisories
added 2025/09/11 12:0 a.m.8 views

Spring Authorization Server moving to Spring Security 7.0

Spring Authorization Server has come a long way since 1.0 was officially released in November 2022. Starting as a project separate from Spring Security, has allowed it to iterate quickly on feature development and ultimately grow a rich feature set for building OAuth2 Authorization Servers. It ha...

6.8AI score
Exploits0
Rows per page
Query Builder