5 matches found
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization, which renders web security ineffective and allows unauthorized access to all endpoints. Note: This is only exploitable if the following conditions are met: - the application is servlet-based; - the application ha...
be.appify.prefab:prefab-security (>=0.2.0 <=0.7.5), ch.admin.bit.jeap:jeap-audit-command-builder (>=7.0.0-alpha-springboot4 <=7.1.0-alpha-springboot4) +681 more potentially affected by CVE-2026-40976 via org.springframework.boot:spring-boot-security (>=4.0.0-M1 <=4.0.5)
org.springframework.boot:spring-boot-security MAVEN version =4.0.0-M1, =0.2.0, =7.0.0-alpha-springboot4, =2.0.0-alpha-springboot4, =5.0.0-alpha-springboot4, =9.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4,...
IceCMS Authentication Error Vulnerability
IceCMS is a content management system built on Spring Boot and Vue, with a separated front end and back end. An authentication bypass vulnerability exists in IceCMS v3.4.7 and earlier versions, which stems from the inclusion of hard-coded JWT keys that can be exploited by an attacker to forge JWT...
my-springsecurity-plus SQL Injection Vulnerability
my-springsecurity-plus is an RBAC backend privilege management system based on SpringBoot and SpringSecurity, written by the individual developer codermy. A SQL injection vulnerability exists in my-springsecurity-plus prior to version 2024.07.03, which stems from an unknown function in the file /api/dept/buil...
This Week in Spring - June 27th, 2023
Hi Spring fans! Welcome to another installment of This Week in Spring! This week I am in Seoul talking to developers about the latest-and-greatest in Spring Boot 3! There's so much great stuff coming, and so much great stuff already. There are a few things I'm super excited about. First, yesterda...