CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

RedhatCVE•added 2026/06/10 2:59 p.m.•10 views

CVE-2026-41840

Spring WebFlux applications are vulnerable to Denial of Service DoS attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.9CVSS5.4AI score0.00247EPSS

Exploits0References1

NVD•added 2026/06/09 5:16 a.m.•12 views

CVE-2026-41849

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language SpEL. An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service DoS. Affected versions: Spring...

7.5CVSS0.00263EPSS

Exploits0References1

NVD•added 2026/06/09 5:16 a.m.•9 views

CVE-2026-41838

IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 throug...

7.5CVSS0.00171EPSS

Exploits0References1

OSV•added 2026/06/09 5:16 a.m.•6 views

UBUNTU-CVE-2026-41839

A WebFlux application with a compromised subdomain for example, compromised via cross-site scripting XSS is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

4.2CVSS5.2AI score0.00197EPSS

Exploits0References3

EUVD•added 2026/06/09 3:49 a.m.•7 views

EUVD-2026-35326

4.2CVSS5.2AI score0.00197EPSS

Exploits0References1

Positive Technologies•added 2026/06/09 12:0 a.m.•11 views

PT-2026-47649

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description WebSocket session IDs in the spring-websocke...

7.5CVSS5.2AI score0.00171EPSS

Exploits0References3

NVD•added 2026/03/20 12:16 a.m.•5 views

CVE-2026-22735

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events SSE. This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...

2.6CVSS0.00112EPSS

Exploits0References1

OSV•added 2025/10/16 3:15 p.m.•1 views

UBUNTU-CVE-2025-41254

STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and VersionsSpring Framework: 6.2.0 - 6.2.11 6.1.0 - 6.1.23 6.0.x - 6.0.29 5.3.0 - 5.3.45 Older, unsupported versions are also affected...

4.3CVSS7AI score0.00286EPSS

Exploits0References3

Tenable Nessus•added 2025/08/22 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2021-22096

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the...

4.3CVSS6.7AI score0.01268EPSS

Exploits0References3

Tenable Nessus•added 2025/08/20 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2023-20861

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide...

6.5CVSS6.8AI score0.0097EPSS

Exploits1References3

Tenable Nessus•added 2025/08/18 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2020-5421

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks...

9.6CVSS6.7AI score0.10736EPSS

Exploits2References2

CVE•added 2025/06/12 9:14 p.m.•227 views

CVE-2025-41234

CVE-2025-41234 : In Spring Framework, versions 6.0.x up to 6.0.28, 6.1.x up to 6.1.20, and 6.2.x up to 6.2.7 are vulnerable to a reflected file download (RFD) attack when a response header uses non-ASCII charset in the filename derived from user input via ContentDisposition.Builder#filename(Strin...

6.5CVSS6.7AI score0.00521EPSS

Exploits0References3

Positive Technologies•added 2024/10/17 12:0 a.m.•7 views

PT-2024-7362

Name of the Vulnerable Software and Affected Versions: Spring Framework versions prior to 5.3.41 Spring Framework versions prior to 6.0.25 Spring Framework versions prior to 6.1.14 Confluence Data Center and Server versions 3.0 through 9.1.0 Confluence Data Center and Server version 9.1 Bitbucket...

7.8CVSS6.6AI score0.54862EPSS

Exploits6References66