CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

179 matches found

CVE-2026-41840

Spring WebFlux applications are vulnerable to Denial of Service DoS attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.9CVSS

Exploits0References1

Cvelist•added 4 hours ago•4 views

CVE-2026-41853 Spring Framework Multipart Request Smuggling in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.3CVSS

Exploits0References1

CVE•added 4 hours ago•5 views

CVE-2026-41853

CVE-2026-41853 concerns Multipart request smuggling in Spring Framework’s Spring MVC and WebFlux components. Affected are Spring Framework versions: 7.0.0–7.0.7; 6.2.0–6.2.18; 6.1.0–6.1.27; 5.3.0–5.3.48. The CVE entry identifies the issue as a vulnerability in multipart handling, with an accompan...

5.3CVSS5.5AI score

Exploits0References1

EUVD•added 4 hours ago•3 views

EUVD-2026-35335

Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. Affected versions: Spring Framework 5.3.0 through 5.3.48...

4.8CVSS5.4AI score

Exploits0References1

Cvelist•added 4 hours ago•2 views

CVE-2026-41844 Spring Framework Open Redirect in Spring MVC and WebFlux

A Spring MVC or Spring WebFlux application which configures a mapping for "/" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix. Affected versions: Spring Framework 7.0.0 through...

4.2CVSS

Exploits0References1

CVE•added 4 hours ago•8 views

CVE-2026-41843

CVE-2026-41843 affects Spring Framework, specifically Spring MVC and WebFlux, where path traversal can occur when resolving static resources. Affected versions include 7.0.0–7.0.7, 6.2.0–6.2.18, 6.1.0–6.1.27, and 5.3.0–5.3.48. The connected documents confirm the vulnerability class as path traver...

5.9CVSS5.5AI score

Exploits0References1

Cvelist•added 4 hours ago•3 views

CVE-2026-41843 Spring Framework Path Traversal via Versioned Static Resources in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.9CVSS

Exploits0References1

Cvelist•added 4 hours ago•2 views

CVE-2026-41842 Spring Framework Denial of Service via Versioned Resources in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Denial of Service DoS attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

7.5CVSS

Exploits0References1

EUVD•added 4 hours ago•4 views

EUVD-2026-35328

Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.9CVSS5.5AI score

Exploits0References1

EUVD•added 4 hours ago•3 views

EUVD-2026-35327

5.9CVSS5.4AI score

Exploits0References1

Positive Technologies•added 8 hours ago•4 views

PT-2026-47658

Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. Affected versions: Spring Framework 5.3.0 through 5.3.48...

4.8CVSS5.4AI score

Exploits0References2

Positive Technologies•added 8 hours ago•4 views

PT-2026-47651

5.9CVSS5.5AI score

Exploits0References2

OSV•added 4 days ago•3 views

ROOT-APP-MAVEN-CVE-2024-38819 CVE-2024-38819 in io.root.org.springframework:spring-webflux - Patched by Root

Root has patched CVE-2024-38819 in the io.root.org.springframework:spring-webflux package for Root:Maven. Multiple fixed versions available...

7.5CVSS6.2AI score0.93306EPSS

Exploits5

OSV•added 4 days ago•4 views

ROOT-APP-MAVEN-CVE-2024-38816 CVE-2024-38816 in io.root.org.springframework:spring-webflux - Patched by Root

Root has patched CVE-2024-38816 in the io.root.org.springframework:spring-webflux package for Root:Maven. Multiple fixed versions available...

7.5CVSS7AI score0.9389EPSS

Exploits1

IBM Security Bulletins•added 2026/05/05 6:22 p.m.•26 views

Security Bulletin: Vulnerabilities in Spring WebFlux, Jenkins, Spring Securiy, Spring Framework, and Node.js lodash might affect IBM Storage Defender Copy Data Management.

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring WebFlux, Jenkins, Spring Securiy, Spring Framework, and Node.js lodash. Vulnerabilities include an attacker, local attacker, remote attacker and authenticated attacker could exploit these vulnerabilitie...

9.8CVSS8.7AI score0.90224EPSS

Exploits15Affected Software1

RedhatCVE•added 2026/05/05 1:29 p.m.•4 views

CVE-2026-22740

A flaw was found in Spring WebFlux, a component of the Spring Framework. A remote attacker can exploit this vulnerability by sending specially crafted multipart requests to a WebFlux server application. When processing these requests, the server creates temporary files that, under certain...

6.5CVSS5.8AI score0.00061EPSS

Exploits0References5

RedhatCVE•added 2026/05/04 8:47 a.m.•3 views

CVE-2026-22741

A flaw was found in Spring MVC and Spring WebFlux applications. A remote attacker can exploit this vulnerability by sending malicious requests to poison the resource cache with incorrectly encoded resources. This can lead to a denial of service DoS by disrupting the front-end application for...

5.9CVSS5.8AI score0.00083EPSS

Exploits0References5

Tenable Nessus•added 2026/05/04 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-22741

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all...

3.1CVSS5.8AI score0.00083EPSS

Exploits0References4

vulnersOsv•added 2026/04/29 12:33 p.m.•6 views

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.1.1 <=0.112.0) +1202 more potentially affected by CVE-2026-22740 via org.springframework:spring-webflux (>=6.1.0 <=6.1.21)

org.springframework:spring-webflux MAVEN version =6.1.0, =0.2.0, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.6.0, =0.6.0, =1.2.0, =2.1.0, =1.3.0, =1.0.2, =1.0.45 and more Source cves: CVE-2026-22740 Source advisory: OSV:GHSA-5843-P793-GHMM...

6.5CVSS5.8AI score0.00061EPSS

Exploits0

vulnersOsv•added 2026/04/29 12:33 p.m.•3 views

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +1478 more potentially affected by CVE-2026-22741 via org.springframework:spring-webflux (>=6.2.0 <=6.2.17)

org.springframework:spring-webflux MAVEN version =6.2.0, =0.1.0, =0.1.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.6 and more Source cves: CVE-2026-22741 Source advisory: OSV:GHSA-WG35-8JPF-2XV3...

3.1CVSS5.8AI score0.00083EPSS

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by