Lucene search
K

96 matches found

RedhatCVE
RedhatCVE
added 2026/06/30 11:10 a.m.9 views

CVE-2026-40987

A flaw was found in Spring Integration. A malicious or compromised FTP File Transfer Protocol, SFTP SSH File Transfer Protocol, or SMB Server Message Block server can exploit this vulnerability. This allows the server to write arbitrary files with attacker-controlled content to any location on th...

7.1CVSS6.2AI score0.0021EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/11 5:3 a.m.31 views

CVE-2026-40987 Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization

A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem outside the configured local-directory with attacker-controlled content. Affected versions: Spring Integration 7.0.0 through 7.0.4; 6.5.0 through 6.5.8; 6.4.0 through 6.4.11; 6.3.0 through...

7.1CVSS0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 5:3 a.m.10 views

EUVD-2026-36202

A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem outside the configured local-directory with attacker-controlled content. Affected versions: Spring Integration 7.0.0 through 7.0.4; 6.5.0 through 6.5.8; 6.4.0 through 6.4.11; 6.3.0 through...

7.1CVSS5.6AI score0.0021EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 5:3 a.m.36 views

CVE-2026-40987

CVE-2026-40987 affects Spring Integration across multiple tracked branches (7.0.0–7.0.4, 6.5.0–6.5.8, 6.4.0–6.4.11, 6.3.0–6.3.14, 5.5.0–5.5.20). The connected documents describe a vulnerability where a malicious or compromised FTP/SFTP/SMB server can cause the client to write arbitrary files anyw...

7.1CVSS5.6AI score0.0021EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.19 views

PT-2026-48615

Name of the Vulnerable Software and Affected Versions Spring Integration versions 7.0.0 through 7.0.4 Spring Integration versions 6.5.0 through 6.5.8 Spring Integration versions 6.4.0 through 6.4.11 Spring Integration versions 6.3.0 through 6.3.14 Spring Integration versions 5.5.0 through 5.5.20...

7.1CVSS5.9AI score0.0021EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.22 views

VMware Spring Integration 路径遍历漏洞

VMware Spring Integration is an enterprise application integration framework developed by VMware, Inc. Versions 7.0.0 to 7.0.4, 6.5.0 to 6.5.8, 6.4.0 to 6.4.11, 6.3.0 to 6.3.14, and 5.5.0 to 5.5.20 of VMware Spring Integration have a path traversal vulnerability. This vulnerability arises due to...

7.1CVSS5.5AI score0.0021EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2026/06/10 12:0 a.m.9 views

cve-2026-40987 - HIGH - Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization

cve-2026-40987 - HIGH - Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization...

7.1CVSS6.1AI score0.0021EPSS
Exploits0
Snyk
Snyk
added 2026/06/10 12:0 a.m.7 views

Directory Traversal

Overview org.springframework.integration:spring-integration-file is a Spring Integration File Support Affected versions of this package are vulnerable to Directory Traversal via improper validation of file paths received from FTP, SFTP, or SMB servers. A malicious or compromised server can write...

8.7CVSS6.2AI score0.0021EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.10 views

VMware Spring AI 安全漏洞

VMware Spring AI is a development framework from VMware that integrates artificial intelligence and big language modeling capabilities in the Spring ecosystem. A security vulnerability exists in VMware Spring AI versions 1.0.0 through 1.0.7 prior and 1.1.0 through 1.1.6 prior, which stems from...

8.6CVSS5.8AI score0.00353EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2026/03/24 12:0 a.m.31 views

This Week in Spring - March 24th, 2026

Hi, Spring fans! Welcome to yet another rip-roarin' installment of This Week in Spring. As usual, we've got a ton to look into, so let's dive right in! Happy 22nd birthday to Spring Framework, released this day 22 years ago! and of course, next week, 1 April 2026, marks 12 years since Spring Boot...

5.8AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2026/02/19 12:0 a.m.18 views

A Bootiful Podcast: Glenn Renfro on Java and Spring community legend and my friend - on Devnexus and more

Hi, Spring fans! In this installment I talk to the amazing Glenn Renfro about Spring Batch, Spring Integration, Spring AI, and much more — plus why you should definitely register to attend the amazing Devnexus event in Atlanta, GA!...

5.5AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2026/01/26 12:0 a.m.8 views

This Week in Spring - January 26th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this, I cannot believe we're nearly at the end of the month! Time sure flies. Spring AI 2.0.0-M2 is available now Spring Modulith 2.1 M1, 2.0.2, and 1.4.7 released In last week's installment of A Bootiful Podcast ,...

5.9AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2025/10/22 12:0 a.m.10 views

New Home for Spring Integration AWS

The Spring Integration for AWS was always an independent Spring Integration extension project with its own plans and release cycles. The consumption of this single jar library has always added a complexity from the dependency management perspective. It depends not only on Spring Integration modul...

6.7AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-0197

Malware in sbrugna...

9.8CVSS9.3AI score0.03002EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.13 views

EUVD-2020-0604

Malware in sbrugna...

9.8CVSS8.5AI score0.04409EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-0637

Malware in sbrugna...

4.7CVSS5AI score0.01288EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2022-1556

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.01038EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-3141

Malicious code in bioql PyPI...

4.7CVSS5.2AI score0.01446EPSS
Exploits0References6
Spring Security Advisories
Spring Security Advisories
added 2025/07/29 12:0 a.m.5 views

This Week in Spring - July 29th, 2025

It's the end of July! JULY! The seventh month of the year, done and dusted! AHHHHH! I've got memories of being on a tropical beach over the winter holidays, sipping rum and dodging mosquitoes like I was doing a rhythmic gymnastics routine just recently. It turns out that was seven months ago, not...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 7:13 p.m.9 views

CVE-2021-22114

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...

5.3CVSS6.6AI score0.01446EPSS
Exploits0References1
Rows per page
Query Builder