Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution

Spring Data REST 2.6.9 and 3.0.1, Spring Boot 1.5.9 and 2.0 M6 contain a remote code execution caused by processing malicious PATCH requests with crafted JSON data, letting attackers execute arbitrary Java code, exploit requires sending malicious PATCH requests. id: CVE-2017-8046 info: name: Spri...

Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Demo Khai thác Lỗ hổng Log4Shell CVE-2021-44228 Dự án này m...

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +5653 more potentially affected by CVE-2026-40973 via org.springframework.boot:spring-boot (>=3.5.0 <=3.5.13)

org.springframework.boot:spring-boot MAVEN version =3.5.0, =0.1.0, =0.1.0, =0.8.0, =0.7.0, =0.7.0, =0.8.0, =0.7.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.6 and more Source cves: CVE-2026-40973 Source advisory: OSV:GHSA-WWPQ-F5C3-7HVX...

ai.driftkit:driftkit-audio-core (>=0.5.0 <=0.8.3), ai.driftkit:driftkit-audio-spring-boot-starter (>=0.5.0 <=0.8.7) +4990 more potentially affected by CVE-2026-40973 via org.springframework.boot:spring-boot (>=3.3.0 <=3.3.13)

org.springframework.boot:spring-boot MAVEN version =3.3.0, =0.5.0, =0.5.0, =0.5.0, =0.5.8, =0.5.0, =0.5.7, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.5.0, =0.5.0, =0.7.9, =0.6.0, =0.6.0, =0.8.7 and more Source cves: CVE-2026-40973 Source advisory: OSV:GHSA-WWPQ-F5C3-7HVX...

africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-application (>=1.0.0 <=1.2.0) +39297 more potentially affected by CVE-2026-40973 via org.springframework.boot:spring-boot (>=1.0.0.RELEASE <=2.7.3)

org.springframework.boot:spring-boot MAVEN version =1.0.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.4.0.0, =4.6.0.0 and more Source cves: CVE-2026-40973 Source advisory: OSV:GHSA-WWPQ-F5C3-7HVX...

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +20894 more potentially affected by CVE-2026-40977 via org.springframework.boot:spring-boot (>=3.0.0 <=3.5.13)

org.springframework.boot:spring-boot MAVEN version =3.0.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0 -...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +5198 more potentially affected by CVE-2026-40975 via org.springframework.boot:spring-boot (>=4.0.0-M1 <=4.0.5)

org.springframework.boot:spring-boot MAVEN version =4.0.0-M1, =0.1.0, =0.1.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0-beta-2 and more Source cves: CVE-2026-40975 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKBOOT-16191649...

EUVD-2018-0721

Malware in sbrugna...

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-boot-2.7.12.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-boot-2.7.12.jar Vulnerability Details CVEID:CVE-2023-34055 DESCRIPTION: In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that...

ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.114.0 <=0.120.0), ai.ancf.lmos:arc-memory-mongo-spring-boot-starter (>=0.114.0 <=0.120.0) +7747 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=3.4.0 <=3.4.4)

org.springframework.boot:spring-boot MAVEN version =3.4.0, =0.114.0, =0.114.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =1.0.28 and more Source cves: CVE-2025-22235 Source advisory: OSV:GHSA-RC42-6C7J-7H5R...

ai.driftkit:driftkit-audio-core (>=0.5.0 <=0.8.3), ai.driftkit:driftkit-audio-spring-boot-starter (>=0.5.0 <=0.8.7) +4056 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=3.3.0 <=3.3.10)

org.springframework.boot:spring-boot MAVEN version =3.3.0, =0.5.0, =0.5.0, =0.5.0, =0.5.8, =0.5.0, =0.5.7, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.5.0, =0.5.0, =0.7.9, =0.6.0, =0.6.0, =0.8.7 and more Source cves: CVE-2025-22235 Source advisory: OSV:GHSA-RC42-6C7J-7H5R...

africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-application (>=1.0.0 <=1.2.0) +38950 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=1.0.0.RELEASE <=2.7.2)

org.springframework.boot:spring-boot MAVEN version =1.0.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.4.0.0, =4.6.0.0 and more Source cves: CVE-2025-22235 Source advisory: OSV:GHSA-RC42-6C7J-7H5R...

ai.stapi:arango-axon (>=0.0.1 <=0.0.2), ai.stapi:arango-graph (>=0.0.1 <=0.0.2) +3036 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=3.1.0 <=3.1.12)

org.springframework.boot:spring-boot MAVEN version =3.1.0, =0.0.1, =0.0.1, =0.0.10, =0.0.10, =0.0.10, =0.0.6, =0.0.6, =0.0.28, =0.0.6, =0.0.7, =0.0.8, =0.0.11, =0.0.6, =0.3.2 - ai.timefold.solver:timefold-solver-spring-boot-autoconfigure =1.0.0 -...

📄 Spring Boot common-user-management 0.1 Shell Upload

Spring Boot common-user-management version 0.1 suffers from a remote shell upload vulnerability. Exploit Title: Unrestricted File Upload Google Dork: Date: 14/Nov/2024 Exploit Author: d3sca Vendor Homepage: https://github.com/OsamaTaher/Java-springboot-codebase Software Link:...

CVE-2023-20883

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service DoS attack if Spring MVC is used together with a reverse proxy cache...

Directory Traversal

spring-boot is vulnerable to directory traversal. The vulnerability exists due to a lack of sanitization of access rights allowing an attacker to write to an embedded web server...

PT-2022-18576 · Spring +2 · Spring Boot +2

Name of the Vulnerable Software and Affected Versions: spring-boot versions prior to version v2.2.11.RELEASE Description: The issue is related to temporary directory hijacking, impacting the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. This...

CVE-2021-26074

Broken Authentication in Atlassian Connect Spring Boot ACSB from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a...