Lucene search
K

17 matches found

OSV
OSV
added yesterday4 views

ROOT-APP-MAVEN-CVE-2026-40992 CVE-2026-40992 in io.root.org.springframework.boot:spring-boot-autoconfigure - Patched by Root

Root has patched CVE-2026-40992 in the io.root.org.springframework.boot:spring-boot-autoconfigure package for Root:Maven. Multiple fixed versions available...

5CVSS5.8AI score0.00123EPSS
Exploits0
OSV
OSV
added 2026/06/18 9:47 a.m.11 views

ROOT-APP-MAVEN-CVE-2023-20883 CVE-2023-20883 in io.root.org.springframework.boot:spring-boot-autoconfigure - Patched by Root

Root has patched CVE-2023-20883 in the io.root.org.springframework.boot:spring-boot-autoconfigure package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.8AI score0.00904EPSS
Exploits0
Snyk
Snyk
added 2026/06/10 12:0 a.m.6 views

Improper Validation of Certificate with Host Mismatch

Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch via missing hostname verification in the auto-configuration. An attacker can impersonate a trusted mail server and intercept or manipulate SMTP communications because hostname...

5CVSS5.3AI score0.00123EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 12:0 a.m.7 views

Insecure Temporary File

Overview Affected versions of this package are vulnerable to Insecure Temporary File via the default data directory configuration in ArtemisEmbeddedConfigurationFactory. A local attacker can tamper with or redirect the embedded Artemis broker's data storage by pre-creating the predictable data...

5.3CVSS5.3AI score0.00094EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/06 1:44 p.m.5 views

Security Bulletin: Due to use of spring-boot-autoconfigure-3.5.13.jar, IBM Sterling Connect:Direct Web Services is vulnerable to not perform hostname verification.

Summary spring-boot-autoconfigure-3.5.13.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-40971, CVE-2026-40974. Vulnerability Details CVEID:CVE-2026-40971 DESCRIPTION: When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname...

9.8CVSS5.5AI score0.00182EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/27 2:4 p.m.12 views

Security Bulletin: IBM Sterling Control Center is affected by a vulnerability in spring-boot-autoconfigure (CVE-2026-40974)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-40974 reported for spring-boot-autoconfigure-3.4.11.jar. Vulnerability Details CVEID:CVE-2026-40974 DESCRIPTION: Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL...

9.8CVSS5.8AI score0.00182EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/04/23 12:0 a.m.14 views

Improper Validation of Certificate with Host Mismatch

Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch when using an SSL bundle. This effectively weakens TLS by allowing connections without verifying the server identity classic MITM risk. Remediation Upgrade...

9.2CVSS5.4AI score0.00157EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/04/23 12:0 a.m.6 views

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +17982 more potentially affected by CVE-2026-40971 via org.springframework.boot:spring-boot-autoconfigure (>=3.2.0 <=3.5.13)

org.springframework.boot:spring-boot-autoconfigure MAVEN version =3.2.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0 -...

9.1CVSS5.7AI score0.00157EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/23 12:0 a.m.12 views

ai.platon.pulsar:pulsar-agentic (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-boot (>=4.5.0 <=4.8.4) +5026 more potentially affected by CVE-2026-40971 via org.springframework.boot:spring-boot-autoconfigure (>=4.0.0-M1 <=4.0.5)

org.springframework.boot:spring-boot-autoconfigure MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0-beta-2 and more Source cves: CVE-2026-40971 Source advisory:...

9.1CVSS5.7AI score0.00157EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/23 12:0 a.m.7 views

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +20700 more potentially affected by CVE-2026-40974 via org.springframework.boot:spring-boot-autoconfigure (>=3.0.0 <=3.5.13)

org.springframework.boot:spring-boot-autoconfigure MAVEN version =3.0.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0 -...

9.8CVSS5.7AI score0.00182EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/20 12:38 a.m.5 views

ai.ancf.lmos:arc-runner (>=0.1.1 <=0.114.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.6.0) +4275 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=3.0.0 <=3.5.11)

org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =3.0.0, =0.1.1, =0.0.4, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =cloud-0.1, =0.0.1, =7.0.0, =7.2.0 and more Source cves: CVE-2026-22733 Source advisory:...

8.2CVSS7.2AI score0.0036EPSS
Exploits0
Veracode
Veracode
added 2023/05/31 1:11 a.m.39 views

Denial Of Service (DoS)

spring-boot-autoconfigure is vulnerable to Denial Of Service DoS. The vulnerability is applicable when the application has Spring MVC auto-configuration enabled and uses the Spring Boot welcome page, which can be either static or templated, and the application is deployed behind a proxy which...

7.5CVSS6.8AI score0.00904EPSS
Exploits0References8Affected Software1
vulnersOsv
vulnersOsv
added 2023/05/26 6:30 p.m.4 views

ai.ylyue:yue-library-base (=j11.2.6.2), ai.ylyue:yue-library-data-es (=j11.2.6.2) +3480 more potentially affected by CVE-2023-20883 via org.springframework.boot:spring-boot-autoconfigure (>=2.6.0 <=2.6.14)

org.springframework.boot:spring-boot-autoconfigure MAVEN version =2.6.0, =2.2.53, =0.23.9, =0.1.2, =5.7.0, =5.7.7, =5.7.0, =6.4.7 and more Source cves: CVE-2023-20883 Source advisory: OSV:GHSA-XF96-W227-R7C4...

7.5CVSS7.1AI score0.00904EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/05/26 6:30 p.m.7 views

ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.4.0.1), ai.djl.spring:djl-spring-boot-starter-autoconfigure (>=0.2 <=0.11) +26968 more potentially affected by CVE-2023-20883 via org.springframework.boot:spring-boot-autoconfigure (>=1.0.0.RELEASE <=2.5.14)

org.springframework.boot:spring-boot-autoconfigure MAVEN version =1.0.0.RELEASE, =4.4.0.0, =0.2, =0.2, =0.2, =0.2, =0.2, =0.2, =0.5, =0.0.12, =0.1.8, =0.1.6, =0.1.2, =0.0.6, =0.0.11, =0.0.51 and more Source cves: CVE-2023-20883 Source advisory: OSV:GHSA-XF96-W227-R7C4...

7.5CVSS7.1AI score0.00904EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/05/26 6:30 p.m.12 views

ai.timefold.solver:timefold-solver-spring-boot-autoconfigure (>=0.9.38 <=0.9.39), ai.timefold.solver:timefold-solver-spring-boot-starter (>=0.9.38 <=0.9.39) +3808 more potentially affected by CVE-2023-20883 via org.springframework.boot:spring-boot-autoconfigure (>=3.0.0 <=3.0.6)

org.springframework.boot:spring-boot-autoconfigure MAVEN version =3.0.0, =0.9.38, =0.9.38, =2.0.0, =3.0.0, =2.9.9, =0.25.3, =0.1.43, =0.1.65 - cc.vihackerframework:vihacker-annotation =1.0.8.R - cc.vihackerframework:vihacker-auth-starter =1.0.8.R - cc.vihackerframework:vihacker-common-starter...

7.5CVSS7.1AI score0.00904EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/05/26 6:30 p.m.8 views

ai.timefold.solver:timefold-solver-spring-boot-autoconfigure (>=0.8.38 <=0.8.39), ai.timefold.solver:timefold-solver-spring-boot-starter (>=0.8.38 <=0.8.39) +4744 more potentially affected by CVE-2023-20883 via org.springframework.boot:spring-boot-autoconfigure (>=2.7.0 <=2.7.11)

org.springframework.boot:spring-boot-autoconfigure MAVEN version =2.7.0, =0.8.38, =0.8.38, =v0.16.1, =v0.16.1, =v0.16.1, =1.0.0, =5.3.1, =2.2.94, =0.23.48, =0.1.13, =1.9, =1.10 - ca.uhn.hapi.fhir:hapi-fhir-spring-boot-autoconfigure =6.6.0 -...

7.5CVSS7.1AI score0.00904EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/11/10 12:1 p.m.5 views

io.github.talelin:lin-cms-spring-boot-autoconfigure (>=0.0.1-RC1 <=0.2.0-RELEASE), io.github.talelin:lin-cms-spring-boot-starter (>=0.0.1-RC1 <=0.2.0-RELEASE) potentially affected by CVE-2022-44244 via io.github.talelin:lin-cms-core (>=0.0.1-RC2 <=0.2.0-RELEASE)

io.github.talelin:lin-cms-core MAVEN version =0.0.1-RC2, =0.0.1-RC1, =0.0.1-RC1, =0.2.0-RELEASE Source cves: CVE-2022-44244 Source advisory: OSV:GHSA-4VRC-Q7M6-VQ7W...

6.6CVSS6.6AI score0.01016EPSS
Exploits1
Rows per page
Query Builder