CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

714 matches found

Spring Cloud Config Server - Path Traversal

Spring Cloud 3.1.x 3.1.13, 4.1.x 4.1.9, 4.2.x 4.2.3, 4.3.x 4.3.2, and 5.0.x 5.0.2 contain a path traversal caused by profile parameter substitution in Config Server using native file system backend, letting attackers access files outside configured directories, exploit requires crafted request. i...

8.6CVSS5.8AI score0.09681EPSS

Exploits0References4

Nuclei•added yesterday•12 views

Spring Cloud Gateway Server Webflux - Broken Access Control

Spring Cloud Gateway Server Webflux contains a vulnerability caused by unsecured and exposed actuator endpoints allowing modification of Spring Environment properties, letting attackers modify configuration, exploit requires unsecured actuator endpoints exposure. id: CVE-2025-41243 info: name:...

10CVSS5.8AI score0.06417EPSS

Exploits0References4

Nuclei•added 2 days ago•83 views

Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution

Spring Cloud Netflix Hystrix Dashboard prior to version 2.2.10 is susceptible to remote code execution. Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view...

8.8CVSS7.5AI score0.89561EPSS

Exploits0References5

NVD•added 3 days ago•5 views

CVE-2026-40989

Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud...

5.7CVSS0.00017EPSS

Exploits0References1

NVD•added 3 days ago•6 views

CVE-2026-40990

OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6...

5.7CVSS0.00017EPSS

Exploits0References1

EUVD•added 3 days ago•8 views

EUVD-2026-33734

5.7CVSS5.8AI score0.00017EPSS

Exploits0References1

Vulnrichment•added 3 days ago•5 views

CVE-2026-40990 Unbounded cache for function definitions

5.7CVSS5.8AI score0.00017EPSS

Exploits0References1

ATTACKERKB•added 3 days ago•5 views

CVE-2026-40990

5.7CVSS5.8AI score0.00017EPSS

Exploits0References2Affected Software1

Cvelist•added 3 days ago•23 views

CVE-2026-40990 Unbounded cache for function definitions

5.7CVSS0.00017EPSS

Exploits0References1

CVE•added 3 days ago•13 views

CVE-2026-40990

CVE-2026-40990 is an OOM vulnerability in Spring Cloud Function when building an unbounded number of functions in the Function Registry. Affected are Spring Cloud Function 3.2.x (pre-3.2.16), 4.1.x (pre-4.1.10), 4.2.x (pre-4.2.6), 4.3.x (pre-4.3.3), and 5.0.x (pre-5.0.2); older unsupported versio...

5.7CVSS5.8AI score0.00017EPSS

Exploits0References1

Vulnrichment•added 3 days ago•4 views

CVE-2026-40989 Self Routing guard bypassed via function composition

5.7CVSS5.8AI score0.00017EPSS

Exploits0References1

Cvelist•added 3 days ago•21 views

CVE-2026-40989 Self Routing guard bypassed via function composition

5.7CVSS0.00017EPSS

Exploits0References1

CVE•added 3 days ago•7 views

CVE-2026-40989

CVE-2026-40989 affects Spring Cloud Function lineages (3.2.x, 4.1.x, 4.2.x, 4.3.x, 5.0.x) with older/unsupported versions also impacted. The issue is an infinite recursion in the routing layer that can cause an Out-Of-Memory (OOM) condition during request handling. The root cause is not fully dis...

5.7CVSS5.8AI score0.00017EPSS

Exploits0References1

EUVD•added 3 days ago•5 views

EUVD-2026-33733

5.7CVSS5.8AI score0.00017EPSS

Exploits0References1

ATTACKERKB•added 3 days ago•5 views

CVE-2026-40989

5.7CVSS5.8AI score0.00017EPSS

Exploits0References2Affected Software1

Nuclei•added 3 days ago•25 views

Spring Cloud Config Server - Local File Inclusion

Spring Cloud Config Server versions 2.1.x prior to 2.1.2, 2.0.x prior to 2.0.4, 1.4.x prior to 1.4.6, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files. An attacker can send a request using a specially...

6.5CVSS6.7AI score0.91358EPSS

Exploits6References5

CNNVD•added 3 days ago•2 views

VMware Spring Cloud Function security vulnerabilities

VMware Spring Cloud Function is a Java functional application development framework provided by the American company VMware. There is a security vulnerability in VMware Spring Cloud Function, which stems from infinite recursion at the routing layer, potentially leading to a memory insufficiency...

5.7CVSS5.8AI score0.00017EPSS

Exploits0References1

Positive Technologies•added 3 days ago•7 views

PT-2026-45515

5.7CVSS5.8AI score0.00017EPSS

Exploits0References2

CNNVD•added 3 days ago•2 views

VMware Spring Cloud Function security vulnerabilities

VMware Spring Cloud Function is a Java functional application development framework provided by the American company VMware. There is a security vulnerability in VMware Spring Cloud Function, which stems from attempting to add an unlimited number of functions to the function registry, potentially...

5.7CVSS5.8AI score0.00017EPSS

Exploits0References1

Positive Technologies•added 3 days ago•4 views

PT-2026-45514

5.7CVSS5.8AI score0.00017EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by