Lucene search
+L

71 matches found

IBM Security Bulletins
IBM Security Bulletins
added 4 days ago3 views

Security Bulletin: Multiple vulnerabilities found in CICS Transaction Gateway Desktop Edition.

Summary Multiple vulnerabilities have been found in CICS Transaction Gateway Desktop Edition due to the use of Apache Tomcat Embed, Spring Web MVC, Spring Boot, Spring Core, Spring Context, SnakeYAML, Spring Beans, Logback Classic and Logback Core. The Apache Tomcat Embed, Spring Web MVC, Spring...

8.1CVSS7.1AI score0.05666EPSS
Exploits4Affected Software1
OSV
OSV
added 2026/07/02 2:23 p.m.8 views

ROOT-APP-MAVEN-CVE-2026-41845 CVE-2026-41845 in io.root.org.springframework:spring-core - Patched by Root

Root has patched CVE-2026-41845 in the io.root.org.springframework:spring-core package for Root:Maven. Multiple fixed versions available...

7.1CVSS5.8AI score0.00161EPSS
Exploits0
OSV
OSV
added 2026/06/22 12:34 p.m.9 views

ROOT-APP-MAVEN-CVE-2025-41249 CVE-2025-41249 in io.root.org.springframework:spring-core - Patched by Root

Root has patched CVE-2025-41249 in the io.root.org.springframework:spring-core package for Root:Maven. Multiple fixed versions available...

7.5CVSS6.9AI score0.0046EPSS
Exploits0
OSV
OSV
added 2026/06/18 10:6 a.m.12 views

ROOT-APP-MAVEN-AIKIDO-2026-11158 AIKIDO-2026-11158 in io.root.org.springframework:spring-core - Patched by Root

Root has patched AIKIDO-2026-11158 in the io.root.org.springframework:spring-core package for Root:Maven. Multiple fixed versions available...

5.3AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/08 12:0 a.m.4 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +8632 more potentially affected by CVE-2026-41848 via org.springframework:spring-core (>=7.0.0-M1 <=7.0.7)

org.springframework:spring-core MAVEN version =7.0.0-M1, =0.1.0, =0.1.0, =4.5.0, =4.7.11, =4.5.0, =4.5.0, =4.3.0, =4.3.0, =4.3.0, =4.7.0, =4.7.4, =4.7.4, =4.3.0, =4.7.0, =4.5.0, =4.6.0 and more Source cves: CVE-2026-41848 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-17254051...

7.5CVSS5.7AI score0.00317EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/08 12:0 a.m.4 views

africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-application (>=1.0.0 <=1.2.0) +31266 more potentially affected by CVE-2026-41851 via org.springframework:spring-core (>=5.3.0 <=5.3.9)

org.springframework:spring-core MAVEN version =5.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.0 and more Source cves: CVE-2026-41851 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-17255206...

7.5CVSS5.7AI score0.0036EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/08 12:0 a.m.5 views

africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-application (>=1.0.0 <=1.2.0) +31266 more potentially affected by CVE-2026-41848 via org.springframework:spring-core (>=5.3.0 <=5.3.9)

org.springframework:spring-core MAVEN version =5.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.0 and more Source cves: CVE-2026-41848 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-17254051...

7.5CVSS5.7AI score0.00317EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/08 12:0 a.m.4 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +8632 more potentially affected by CVE-2026-41851 via org.springframework:spring-core (>=7.0.0-M1 <=7.0.7)

org.springframework:spring-core MAVEN version =7.0.0-M1, =0.1.0, =0.1.0, =4.5.0, =4.7.11, =4.5.0, =4.5.0, =4.3.0, =4.3.0, =4.3.0, =4.7.0, =4.7.4, =4.7.4, =4.3.0, =4.7.0, =4.5.0, =4.6.0 and more Source cves: CVE-2026-41851 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-17255206...

7.5CVSS5.7AI score0.0036EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/08 12:0 a.m.4 views

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +23855 more potentially affected by CVE-2026-41851 via org.springframework:spring-core (>=6.1.0 <=6.2.18)

org.springframework:spring-core MAVEN version =6.1.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0 -...

7.5CVSS5.7AI score0.0036EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/08 12:0 a.m.4 views

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +23855 more potentially affected by CVE-2026-41848 via org.springframework:spring-core (>=6.1.0 <=6.2.18)

org.springframework:spring-core MAVEN version =6.1.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0 -...

7.5CVSS5.7AI score0.00317EPSS
Exploits0
Snyk
Snyk
added 2026/06/08 12:0 a.m.8 views

Regular Expression Denial of Service (ReDoS)

Overview org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via pattern processing in AntPathMatcher. An attacker can cause denia...

7.5CVSS5.5AI score0.00317EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Allocation of Resources Without Limits or Throttling

Overview org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via caching of parsed Spring Expression Language SpEL...

8.2CVSS5.5AI score0.0036EPSS
Exploits0References2
Veracode
Veracode
added 2026/04/29 10:20 a.m.14 views

Denial Of Service (DoS)

Spring Core is vulnerable to Denial of Service DoS. The vulnerability is due to inefficient handling of static resource resolution on Windows file systems, where specially crafted requests can take excessive time to process and hold HTTP connections open, leading to resource exhaustion and servic...

5.3CVSS5.3AI score0.00341EPSS
Exploits0References4Affected Software3
Snyk
Snyk
added 2026/04/17 12:0 a.m.15 views

Allocation of Resources Without Limits or Throttling

Overview org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via static resource resolution. An attacker can cause denia...

6.9CVSS5.5AI score0.00341EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/04/17 12:0 a.m.16 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +7260 more potentially affected by CVE-2026-22745 via org.springframework:spring-core (>=7.0.0-M1 <=7.0.6)

org.springframework:spring-core MAVEN version =7.0.0-M1, =0.1.0, =0.1.0, =4.5.0, =4.7.11, =4.5.0, =4.5.0, =4.3.0, =4.3.0, =4.3.0, =4.7.0, =4.7.4, =4.7.4, =4.3.0, =4.7.0, =4.5.0, =4.6.0 and more Source cves: CVE-2026-22745 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-16109618...

5.3CVSS5.7AI score0.00341EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/17 12:0 a.m.8 views

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +27766 more potentially affected by CVE-2026-22745 via org.springframework:spring-core (>=6.0.0 <=6.2.17)

org.springframework:spring-core MAVEN version =6.0.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0 -...

5.3CVSS5.7AI score0.00341EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/10 10:16 a.m.6 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in spring-core (CVE-2025-41249)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-41249 of spring-core-6.2.6.jar. Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a...

7.5CVSS5.7AI score0.0046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/16 6:16 a.m.5 views

Security Bulletin: Vulnerability in spring-core affects IBM Netezza Appliance

Summary The spring-core package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-41249 Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods...

7.5CVSS6.2AI score0.0046EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2025/10/10 8:7 a.m.7 views

Improper Authorization

org.springframework, spring-core is vulnerable to improper authorization. The vulnerability is due to incorrect annotation resolution on methods within type hierarchies that use unbounded generics, which allows an attacker to bypass security checks when Spring Security’s @EnableMethodSecurity...

7.5CVSS7AI score0.0046EPSS
Exploits0References6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 7:42 a.m.8 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "eventlet-0.39.0-py3-none-any.whl, commons-lang3-3.17.0.jar, spring-core-6.2.10.jar" which is vulnerable to "CVE-2025-58068, CVE-2025-48924, CVE-2025-41249". This bulletin contains information regarding the vulnerability and how it is addressed...

9.1CVSS6.3AI score0.02164EPSS
Exploits0Affected Software1
Rows per page
Query Builder