Lucene search
+L

43 matches found

euvd
euvd
added 2 days ago5 views

EUVD-2026-43556

Spring Boot Admin Server before 4.1.2 contains a server-side request forgery vulnerability that allows unauthenticated attackers to register instances with attacker-controlled healthUrl and managementUrl parameters without validation against private IP ranges or metadata endpoints. Attackers can...

8.6CVSS6.2AI score0.00283EPSS
Exploits0References6
nvd
nvd
added 3 days ago5 views

CVE-2026-62242

Spring Boot Admin Server before 4.1.2 contains a server-side request forgery vulnerability that allows unauthenticated attackers to register instances with attacker-controlled healthUrl and managementUrl parameters without validation against private IP ranges or metadata endpoints. Attackers can...

8.6CVSS0.00283EPSS
Exploits0References5
cvelist
cvelist
added 3 days ago33 views

CVE-2026-62242 Spring Boot Admin Server < 4.1.2 SSRF via Unauthenticated Instance Registration

Spring Boot Admin Server before 4.1.2 contains a server-side request forgery vulnerability that allows unauthenticated attackers to register instances with attacker-controlled healthUrl and managementUrl parameters without validation against private IP ranges or metadata endpoints. Attackers can...

8.6CVSS0.00283EPSS
Exploits0References5
cve
cve
added 3 days ago16 views

CVE-2026-62242

CVE-2026-62242 affects Spring Boot Admin Server prior to 4.1.2. The vulnerability is a server-side request forgery in the unauthenticated instance registration flow, where attacker-controlled healthUrl and managementUrl are not validated against private IP ranges or metadata endpoints. This allow...

8.6CVSS6.2AI score0.00283EPSS
Exploits0References5
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-11604

Malware in sbrugna...

5.4CVSS5.6AI score0.00475EPSS
Exploits1References2
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-23553

Malicious code in bioql PyPI...

6.9CVSS5.6AI score0.00433EPSS
Exploits1References5
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-1989

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00966EPSS
Exploits1References9
redhatcve
redhatcve
added 2025/08/06 8:37 p.m.6 views

CVE-2025-8525

A vulnerability was found in Exrick xboot up to 3.3.4. It has been classified as problematic. This affects an unknown part of the component Spring Boot Admin/Spring Actuator. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been...

6.9CVSS5AI score0.00433EPSS
Exploits1References1
cvelist
cvelist
added 2025/08/04 8:32 p.m.10 views

CVE-2025-8525 Exrick xboot Spring Boot Admin/Spring Actuator information disclosure

A vulnerability was found in Exrick xboot up to 3.3.4. It has been classified as problematic. This affects an unknown part of the component Spring Boot Admin/Spring Actuator. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been...

6.9CVSS0.00433EPSS
Exploits1References5
osv
osv
added 2025/08/04 8:32 p.m.5 views

CVE-2025-8525 Exrick xboot Spring Boot Admin/Spring Actuator information disclosure

A vulnerability was found in Exrick xboot up to 3.3.4. It has been classified as problematic. This affects an unknown part of the component Spring Boot Admin/Spring Actuator. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been...

6.9CVSS5.1AI score0.00433EPSS
Exploits1References7
vulnrichment
vulnrichment
added 2025/08/04 8:32 p.m.4 views

CVE-2025-8525 Exrick xboot Spring Boot Admin/Spring Actuator information disclosure

A vulnerability was found in Exrick xboot up to 3.3.4. It has been classified as problematic. This affects an unknown part of the component Spring Boot Admin/Spring Actuator. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been...

6.9CVSS6.7AI score0.00433EPSS
Exploits1References5
cve
cve
added 2025/08/04 8:32 p.m.26 views

CVE-2025-8525

CVE-2025-8525 affects Exrick xboot up to 3.3.4, with a root cause tied to an information disclosure in the area of Spring Boot Admin/Spring Actuator . The vulnerability can be triggered remotely and the exploit has been publicly disclosed. Multiple connected sources corroborate the same impact an...

6.9CVSS5.2AI score0.00433EPSS
Exploits1References5Affected Software1
ptsecurity
ptsecurity
added 2025/08/04 12:0 a.m.10 views

PT-2025-31864 · Exrick +1 · Exrick Xboot +2

Name of the Vulnerable Software and Affected Versions: Exrick xboot versions up to 3.3.4 Description: A vulnerability exists in Exrick xboot that may lead to information disclosure. The issue affects an unknown part of the component Spring Boot Admin/Spring Actuator and can be initiated remotely...

6.9CVSS5.1AI score0.00433EPSS
Exploits1References8
redhatcve
redhatcve
added 2025/05/23 1:7 a.m.10 views

CVE-2022-46166

Spring boot admins is an open source administrative user interface for management of spring boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers e.g. Teams-Notifier and write access to environment variables via UI are affected. Users are advised to upgrade to th...

9.8CVSS6.9AI score0.01437EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 5:0 p.m.5 views

CVE-2020-19704

A stored cross-site scripting XSS vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML...

5.4CVSS5.9AI score0.00475EPSS
Exploits1
cnnvd
cnnvd
added 2025/04/27 12:0 a.m.5 views

spring-boot-admin 注入漏洞

spring-boot-admin is a codecentric open source based on Spring boot Mybatis open source backend management system , with user management , menu management and role management 3 functions , permission control to the button level . spring-boot-admin version 1.0 there are injection vulnerabilities ,...

9.8CVSS7.1AI score0.00415EPSS
Exploits1References5
vulnersosv
vulnersosv
added 2023/07/14 6:31 a.m.6 views

com.netcetera.girders.demos:girders-demo-adminserver (>=6.0.0 <=6.1.0), com.senzhikong:depend-cloud-monitor (>=1.1.0 <=1.1.1) +11 more potentially affected by CVE-2023-38286 via de.codecentric:spring-boot-admin-server (>=3.0.0 <=3.1.1)

de.codecentric:spring-boot-admin-server MAVEN version =3.0.0, =6.0.0, =1.1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =7.0.0-RC4, =7.0.0-RC6 Source cves: CVE-2023-38286 Source advisory: OSV:GHSA-7GJ7-224W-VPR3...

7.5CVSS7.1AI score0.00966EPSS
Exploits1
vulnersosv
vulnersosv
added 2023/07/14 6:31 a.m.4 views

ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), cn.home1:oss-admin (>=1.0.6.OSS <=1.0.7.OSS) +56 more potentially affected by CVE-2023-38286 via de.codecentric:spring-boot-admin-server (>=1.0.2 <=2.7.15)

de.codecentric:spring-boot-admin-server MAVEN version =1.0.2, =0.5.0, =1.0.6.OSS, =1.2.3-RELEASE, =3.0.3.RELEASE, =1.0.0, =1.1.3, =3.0.10, =1.0.0, =5.0.18, =1.5.0-Beta, =1.5.1-RC - com.wudgaby.platform:health-admin-server =1.0.5 and more Source cves: CVE-2023-38286 Source advisory:...

7.5CVSS7.1AI score0.00966EPSS
Exploits1
github
github
added 2023/07/14 6:31 a.m.35 views

Spring-boot-admin sandbox bypass via crafted HTML

Thymeleaf through 3.1.1.RELEASE as used in spring-boot-admin aka Spring Boot Admin through 3.1.1 allows for a sandbox bypass via crafted HTML. This may be relevant for SSTI Server Side Template Injection and code execution in spring-boot-admin if MailNotifier is enabled and there is write access ...

7.5CVSS7.7AI score0.00966EPSS
Exploits1References9Affected Software1
osv
osv
added 2023/07/14 6:31 a.m.25 views

GHSA-7GJ7-224W-VPR3 Spring-boot-admin sandbox bypass via crafted HTML

Thymeleaf through 3.1.1.RELEASE as used in spring-boot-admin aka Spring Boot Admin through 3.1.1 allows for a sandbox bypass via crafted HTML. This may be relevant for SSTI Server Side Template Injection and code execution in spring-boot-admin if MailNotifier is enabled and there is write access ...

7.5CVSS6.2AI score0.00966EPSS
Exploits1References9
Rows per page
Query Builder