1277 matches found
Spring Boot Actuator Logview Directory Traversal
spring-boot-actuator-logview before version 0.2.13 contains a directory traversal vulnerability in a library that adds a simple logfile viewer as a Spring Boot Actuator endpoint (Maven package "eu.hinsch:spring-boot-actuator-logview"). id: CVE-2021-21234 info: name: Spring Boot Actuator Logview...
Java-springboot-codebase 1.1 - Arbitrary File Read
OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...
Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution
Spring Cloud Netflix Hystrix Dashboard prior to version 2.2.10 is susceptible to remote code execution. Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view...
Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
Spring Data REST 2.6.9 and 3.0.1, Spring Boot 1.5.9 and 2.0 M6 contain a remote code execution vulnerability caused by processing malicious PATCH requests with crafted JSON data, letting attackers execute arbitrary Java code; exploitation requires sending malicious PATCH requests. id: CVE-2017-8046 info: name: Spri...
MongoDB-backed Spring Batch jobs and more in Spring Boot 4.1
Spring Batch was introduced many years before MongoDB existed, and its design assumed the presence of a SQL database in which to store the state of Spring Batch jobs. But that was decades ago, and a common question for anyone new to Spring Batch was, "Why does this thing need to talk to a SQL...
ROOT-APP-MAVEN-CVE-2026-40973 CVE-2026-40973 in io.root.org.springframework.boot:spring-boot - Patched by Root
Root has patched CVE-2026-40973 in the io.root.org.springframework.boot:spring-boot package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-40976 CVE-2026-40976 in io.root.org.springframework.boot:spring-boot - Patched by Root
Root has patched CVE-2026-40976 in the io.root.org.springframework.boot:spring-boot package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-22733 CVE-2026-22733 in io.root.org.springframework.boot:spring-boot-starter-actuator - Patched by Root
Root has patched CVE-2026-22733 in the io.root.org.springframework.boot:spring-boot-starter-actuator package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-22235 CVE-2025-22235 in io.root.org.springframework.boot:spring-boot - Patched by Root
Root has patched CVE-2025-22235 in the io.root.org.springframework.boot:spring-boot package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2024-38807 CVE-2024-38807 in io.root.org.springframework.boot:spring-boot-loader - Patched by Root
Root has patched CVE-2024-38807 in the io.root.org.springframework.boot:spring-boot-loader package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-22731 CVE-2026-22731 in io.root.org.springframework.boot:spring-boot-starter-actuator - Patched by Root
Root has patched CVE-2026-22731 in the io.root.org.springframework.boot:spring-boot-starter-actuator package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2023-20883 CVE-2023-20883 in io.root.org.springframework.boot:spring-boot-autoconfigure - Patched by Root
Root has patched CVE-2023-20883 in the io.root.org.springframework.boot:spring-boot-autoconfigure package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-40972 CVE-2026-40972 in io.root.org.springframework.boot:spring-boot-devtools - Patched by Root
Root has patched CVE-2026-40972 in the io.root.org.springframework.boot:spring-boot-devtools package for Root:Maven. Multiple fixed versions available...
Security Bulletin: MongoDB Enterprise Advanced affected by: Authentication Bypass Using an Alternate Path or Channel (CVE-2026-22731, CVE-2026-22733)
Summary: There are vulnerabilities in spring-boot-actuator-autoconfigure-3.5.9.jar used in MongoDB Enterprise Advanced for IBM, involving CVE-2026-22731 and CVE-2026-22733. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2026-22731 DESCRIPTION: Spring Boot applications with...
Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Multiple Vulnerabilities.
Summary: spring-boot-3.5.13.jar is used by IBM Sterling Connect:Direct Web Services and is affected by CVE-2026-40973, CVE-2026-40975, CVE-2026-40977. Vulnerability Details: CVEID: CVE-2026-40973 DESCRIPTION: A local attacker on the same host as the application may be able to take control of the directory used by...
Security Bulletin: Security Vulnerability in Spring Boot Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-22235)
Summary: IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Spring Boot. Vulnerability Details: CVEID: CVE-2025-22235 DESCRIPTION: EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been create...
cybersec-bad-folio
DevFolio Student portfolio application — Spring Boot 3.2 + V...
CVE-2026-41001
Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts...
CVE-2026-40992
Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true, are not affected. Affected versions: Spring Boot 4.0.0 through 4.0.6; 3.5.0 through 3.5.14; 3.4...
CVE-2026-41001
CVE-2026-41001 affects Spring Boot’s ArtemisEmbeddedConfigurationFactory, which uses a fixed, static path for the embedded Artemis broker data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before appli...