CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2 days ago•2 views

ROOT-APP-MAVEN-CVE-2026-22731 CVE-2026-22731 in io.root.org.springframework.boot:spring-boot-starter-actuator - Patched by Root

Root has patched CVE-2026-22731 in the io.root.org.springframework.boot:spring-boot-starter-actuator package for Root:Maven. Multiple fixed versions available...

8.2CVSS5.2AI score0.00334EPSS

IBM Security Bulletins•added 2026/04/27 7:43 a.m.•9 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary Maximo AI Service uses mlflow-3.1.0-py3-none-any.whl, fast-xml-parser-4.5.3.tgz, nltk-3.9.1-py3-none-any.whl, tar-7.4.3.tgz, tar-7.5.9.tgz, PyJWT-2.10.1-py3-none-any.whl, pyasn1-0.6.2-py3-none-any.whl, fast-xml-parser-5.3.6.tgz, jackson-core-2.19.4.jar,...

8.8CVSS7.8AI score0.018EPSS

Exploits9Affected Software1

IBM Security Bulletins•added 2026/03/31 4:56 p.m.•9 views

Security Bulletin: Remediation of Multiple Spring Vulnerabilities in IBM Library Support for Spring

Summary Multiple Spring Vulnerabilities have been addressed in IBM Library Support for Spring Vulnerability Details CVEID:CVE-2026-22731 DESCRIPTION: Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires...

9.1CVSS5.8AI score0.0122EPSS

Exploits2Affected Software1

vulnersOsv•added 2026/03/20 12:41 a.m.•5 views

ai.ancf.lmos:arc-runner (=0.114.0), ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0) +2251 more potentially affected by CVE-2026-22731 via org.springframework.boot:spring-boot-actuator (>=3.4.0 <=3.5.11)

org.springframework.boot:spring-boot-actuator MAVEN version =3.4.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =0.0.1, =0.1.0, =0.8.2 - cc.zzzyu.nacos:nacos-ai =3.1.1 and more Source cves: CVE-2026-22731 Source advisory:...

vulnersOsv•added 2026/03/20 12:41 a.m.•5 views

ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +773 more potentially affected by CVE-2026-22731 via org.springframework.boot:spring-boot-actuator (>=4.0.0-M1 <=4.0.3)

org.springframework.boot:spring-boot-actuator MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =3.1.0, =3.3.0 and more Source cves: CVE-2026-22731 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKBOOT-15701840...

Snyk•added 2026/03/20 12:41 a.m.•6 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the configuration of endpoints under paths already assigned to Health Group additional paths. An attacker can gain unauthorized access to protected endpoints by sending reques...

9.2CVSS5.7AI score0.00334EPSS

Exploits0References2

vulnersOsv•added 2026/03/20 12:38 a.m.•5 views

ai.ancf.lmos:arc-runner (>=0.1.1 <=0.114.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.6.0) +4715 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-actuator (>=3.0.0 <=3.5.11)

org.springframework.boot:spring-boot-actuator MAVEN version =3.0.0, =0.1.1, =0.0.4, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =cloud-0.1, =0.1.0, =0.0.1, =0.0.2 and more Source cves: CVE-2026-22733 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKBOOT-15701836...

vulnersOsv•added 2026/03/20 12:38 a.m.•3 views

ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +773 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-actuator (>=4.0.0-M1 <=4.0.3)

org.springframework.boot:spring-boot-actuator MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =3.1.0, =3.3.0 and more Source cves: CVE-2026-22733 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKBOOT-15701836...

EUVD•added 2026/03/20 12:31 a.m.•3 views

EUVD-2026-13349

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This issue affects Spring Security: from 4.0.0 through 4.0.3, from...

8.2CVSS5.8AI score0.00353EPSS

Exploits0References2

vulnersOsv•added 2026/03/20 12:31 a.m.•10 views

ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12), ai.foremast.metrics:foremast-spring-boot-1x-k8s-metrics-starter (>=0.1.6 <=0.1.7) +7655 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-starter-actuator (>=1.0.0.RELEASE <=2.7.18)

org.springframework.boot:spring-boot-starter-actuator MAVEN version =1.0.0.RELEASE, =0.1.8, =0.1.6, =0.1.2, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =j8.2.2.0, =j8.2.2.0, =j8.2.2.0, =j8.2.2.0, =j11.2.6.2 and more Source cves: CVE-2026-22733 Source advisory:...

vulnersOsv•added 2026/03/20 12:31 a.m.•6 views

ai.langsa:ccaas-starter (=cloud-0.3), au.csiro.pathling:fhir-server (>=7.0.0 <=7.1.0) +2752 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-starter-actuator (>=3.0.0 <=3.3.13)

org.springframework.boot:spring-boot-starter-actuator MAVEN version =3.0.0, =7.0.0, =2.10.0, =3.6.0, =3.3.0, =2.10.0, =2.10.0, =2.10.0, =3.0.0, =3.3.0, =3.3.0, =3.3.0, =3.3.0, =3.4.0 and more So...

vulnersOsv•added 2026/03/20 12:31 a.m.•4 views

ai.ancf.lmos:arc-runner (=0.114.0), ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0) +1035 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-starter-actuator (>=3.4.0 <=3.4.13)

org.springframework.boot:spring-boot-starter-actuator MAVEN version =3.4.0, =0.5.0, =0.8.0, =0.0.1, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.1.2 and more Source cves: CVE-2026-22733 Source advisory: OSV:GHSA-MGVC-8Q2H-5PGC...

vulnersOsv•added 2026/03/20 12:31 a.m.•6 views

ch.admin.bit.jeap.jme:jme-spring-boot-integration-test-it (>=1.0.0 <=1.0.1), ch.admin.bit.jeap:jeap-archrepo-instance (>=4.17.0 <=4.22.0) +1065 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-starter-actuator (>=3.5.0 <=3.5.11)

org.springframework.boot:spring-boot-starter-actuator MAVEN version =3.5.0, =1.0.0, =4.17.0, =4.17.0, =4.17.0, =3.14.0, =3.14.0, =3.14.0, =0.0.1, =0.0.13, =0.0.1, =0.0.1, =2.43.0, =4.14.0, =4.14.0, =4.14.0, =4.18.0 and more Source cves: CVE-2026-22733 Source advisory: OSV:GHSA-MGVC-8Q2H-5PGC...

vulnersOsv•added 2026/03/20 12:31 a.m.•4 views

ch.admin.bit.jeap.jme:jme-spring-boot-integration-test-it (>=1.0.0 <=1.0.1), ch.admin.bit.jeap:jeap-archrepo-instance (>=4.17.0 <=4.22.0) +1065 more potentially affected by CVE-2026-22731 via org.springframework.boot:spring-boot-starter-actuator (>=3.5.0 <=3.5.11)

vulnersOsv•added 2026/03/20 12:31 a.m.•6 views

ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +682 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-starter-actuator (>=4.0.0-M1 <=4.0.3)

org.springframework.boot:spring-boot-starter-actuator MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =3.1.0, =3.3.0 and more Source cves: CVE-2026-22733 Source advisory: OSV:GHSA-MGVC-8Q2H-5PGC...

vulnersOsv•added 2026/03/20 12:31 a.m.•8 views

ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +682 more potentially affected by CVE-2026-22731 via org.springframework.boot:spring-boot-starter-actuator (>=4.0.0-M1 <=4.0.3)