1889 matches found

Vulnrichment
added 2025/10/01 7:26 a.m., 11 views

CVE-2025-11226 Conditional processing of logback.xml configuration file, in conjunction with Spring Framework and Janino

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

CVSS: 7, AI score: 7.4, EPSS: 0.00181
Exploits: 0, References: 2

CVE
added 2025/10/01 7:26 a.m., 49 views

CVE-2025-11226

CVE-2025-11226 is an ACE vulnerability in logback-core’s conditional configuration file processing. The attackable path is present in Java applications using logback-core versions up to 1.5.18 (some sources reference up to 1.5.34); exploitation can enable arbitrary code execution by compromising ...

CVSS: 7, AI score: 7.4, EPSS: 0.00181
Exploits: 0, References: 2

Debian CVE
added 2025/10/01 7:26 a.m., 2 views

CVE-2025-11226

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...

CVSS: 7, AI score: 6.1, EPSS: 0.00181
Exploits: 0

Positive Technologies
added 2025/10/01 12:0 a.m., 3 views

PT-2025-40064

Name of the Vulnerable Software and Affected Versions: logback-core versions up to and including 1.5.18. Description: A flaw exists in the conditional configuration file processing within logback-core, potentially allowing an attacker to execute arbitrary code. This is possible by compromising an...

CVSS: 7, AI score: 7.5, EPSS: 0.00181
Exploits: 0, References: 26

GitLab Advisory Database
added 2025/10/01 12:0 a.m., 8 views

QOS.CH logback-core is vulnerable to Arbitrary Code Execution through file processing

QOS.CH logback-core versions up to 1.5.18 contain an ACE vulnerability in conditional configuration file processing in Java applications. This vulnerability allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting a malicious environment...

CVSS: 7, AI score: 7.3, EPSS: 0.00181
Exploits: 0, References: 8, Affected Software: 1

IBM Security Bulletins
added 2025/09/29 11:50 p.m., 7 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in the Spring framework (CVE-2025-41234)

Summary: A vulnerability in the Spring framework that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2025-41234. Description: In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflect...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00521
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/09/29 9:18 p.m., 8 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in the Spring framework (CVE-2025-22233)

Summary: A vulnerability in the Spring framework that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2025-22233. Description: CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for reques...

CVSS: 5.3, AI score: 6.4, EPSS: 0.00631
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/09/29 8:30 p.m., 43 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in VMware Tanzu Spring Framework

Summary: Multiple vulnerabilities in VMware Tanzu Spring Framework that is used by InfoSphere Information Server were addressed. Vulnerability Details: CVEID: CVE-2024-38816. Description: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerabl...

CVSS: 7.5, AI score: 7, EPSS: 0.54862
Exploits: 8, Affected Software: 1

Spring Security Advisories
added 2025/09/23 12:0 a.m., 5 views

This Week in Spring - September 23rd, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm preparing my talks for several amazing shows including: Commit Your Code conference in Plano, Texas starting tomorrow; Dev2Next in Colorado; Devoxx Belgium in Antwerp, Belgium; and CloudFoundry Days in Germany. So much go...

AI score: 6.8
Exploits: 0

Spring Security Advisories
added 2025/09/23 12:0 a.m., 4 views

HTTP Service Client Enhancements

In this 3rd blog post of the Road to GA series that’s highlighting major features within the Spring portfolio for the next major versions to be released in November we’ll have a look at new features for HTTP service clients, which are a collaborative effort across several Spring projects...

AI score: 7.2
Exploits: 0

Tenable Nessus
added 2025/09/20 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-41249

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type wit...

CVSS: 7.5, AI score: 6.8, EPSS: 0.0046
Exploits: 0, References: 3

Tenable Nessus
added 2025/09/18 12:0 a.m., 13 views

Spring Framework 5.3.x < 5.3.45 / 6.1.x < 6.1.23 / 6.2.x < 6.2.11 Annotation Detection Vulnerability (CVE-2025-41249)

The version of Spring Framework installed on the remote host is 5.3.x prior to 5.3.45, 6.1.x prior to 6.1.23, or 6.2.x prior to 6.2.11. It is, therefore, affected by an annotation detection vulnerability: - The Spring Framework annotation detection mechanism may not correctly resolve annotations ...

CVSS: 7.5, AI score: 7.8, EPSS: 0.0046
Exploits: 0, References: 2

RedhatCVE
added 2025/09/17 3:50 p.m., 5 views

CVE-2025-41249

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

CVSS: 7.5, AI score: 5.9, EPSS: 0.0046
Exploits: 0, References: 5

GitHub Security Blog
added 2025/09/16 3:32 p.m., 9 views

Spring Framework annotation detection mechanism may result in improper authorization

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

CVSS: 7.5, AI score: 6.9, EPSS: 0.0046
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2025/09/16 3:32 p.m., 4 views

GHSA-JMP9-X22R-554X Spring Framework annotation detection mechanism may result in improper authorization

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

CVSS: 7.5, AI score: 5.8, EPSS: 0.0046
Exploits: 0, References: 6

NVD
added 2025/09/16 11:15 a.m., 4 views

CVE-2025-41249

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

CVSS: 7.5, EPSS: 0.0046
Exploits: 0, References: 1

OSV
added 2025/09/16 11:15 a.m., 5 views

CVE-2025-41249

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

CVSS: 7.5, AI score: 6.9, EPSS: 0.0046
Exploits: 0, References: 1

OSV
added 2025/09/16 11:15 a.m., 3 views

DEBIAN-CVE-2025-41249

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

CVSS: 7.5, AI score: 6.7, EPSS: 0.0046
Exploits: 0, References: 1

OSV
added 2025/09/16 11:15 a.m., 2 views

UBUNTU-CVE-2025-41249

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

CVSS: 7.5, AI score: 6.5, EPSS: 0.0046
Exploits: 0, References: 4

Cvelist
added 2025/09/16 10:15 a.m., 13 views

CVE-2025-41249 CVE-2025-41249: Spring Framework Annotation Detection Vulnerability

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

CVSS: 7.5, EPSS: 0.0046
Exploits: 0, References: 1