Lucene search
K

1288 matches found

Veracode
Veracode
added 2026/04/29 11:4 a.m.8 views

Arbitrary File Overwrite

org.springframework.boot, spring-boot is vulnerable to arbitrary file overwrite. The vulnerability is due to insecure handling of the PID file via ApplicationPidFileWriter, which allows a local attacker with write access to the PID file location to exploit symlink behavior and overwrite or corrup...

6.7CVSS5.5AI score0.00112EPSS
Exploits0References3Affected Software2
Veracode
Veracode
added 2026/04/29 10:52 a.m.10 views

Improper Hostname Verification

Spring Boot is vulnerable to improper hostname verification. The vulnerability is due to missing hostname verification in SSL bundle configuration, which allows an attacker to perform man-in-the-middle attacks by impersonating the RabbitMQ broker...

9.1CVSS5.2AI score0.00157EPSS
Exploits0References3Affected Software2
Veracode
Veracode
added 2026/04/29 10:41 a.m.9 views

Default Security Bypass

Spring Boot is vulnerable to Default Security Bypass. The vulnerability is due to Spring Boot's default web security being ineffective, where an application with no Spring Security configuration and relying on the default web security filter chain can allow unauthorized access to all endpoints, a...

9.1CVSS5.3AI score0.00489EPSS
Exploits0References5Affected Software2
Veracode
Veracode
added 2026/04/29 10:18 a.m.13 views

Improper Control Of Temporary Directory Access

org.springframework.boot, spring-boot is vulnerable to improper control of temporary directory access. The vulnerability is due to inadequate ownership verification of the ApplicationTemp directory when persistent sessions are enabled, which allows a local attacker to gain control of the director...

7CVSS5.7AI score0.00136EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2026/04/29 10:9 a.m.12 views

Improper SSL Hostname Verification

org.springframework.boot, spring-boot-elasticsearch is vulnerable to improper SSL hostname verification. The vulnerability is due to missing hostname verification in SSL bundle configuration, which allows an attacker to perform man-in-the-middle attacks by connecting to a malicious Elasticsearch...

6.8CVSS5.2AI score0.00136EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2026/04/29 9:24 a.m.6 views

Weak Random Value Generation For Secrets (weak PRNG)

Spring Boot is vulnerable to the use of a weak pseudo-random number generator PRNG. The vulnerability is due to the use of predictable random value sources e.g., $random.value, $random.int, $random.long, which allows an attacker to guess or brute-force generated secrets and compromise application...

8.2CVSS5.8AI score0.00312EPSS
Exploits0References10Affected Software2
RedhatCVE
RedhatCVE
added 2026/04/29 9:0 a.m.9 views

CVE-2026-40977

A flaw was found in Spring Boot when an application is configured to use ApplicationPidFileWriter. A local attacker with write access to the PID file's location can exploit this vulnerability to corrupt one arbitrary file on the host each time the application is started. This can lead to data...

6.7CVSS5.7AI score0.00112EPSS
Exploits0References4
Veracode
Veracode
added 2026/04/29 8:5 a.m.10 views

Timing Attack

org.springframework.boot, spring-boot-devtools is vulnerable to a timing attack. The vulnerability is due to insecure comparison of the DevTools remote secret, which allows an attacker on the same network to exploit timing differences to guess the secret and potentially achieve remote code...

7.5CVSS5.8AI score0.00262EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-40970

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch...

6.8CVSS5.8AI score0.00136EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/28 12:27 p.m.3 views

CVE-2026-40970

A flaw was found in Spring Boot. When configured to use an SSL Secure Sockets Layer bundle, the Elasticsearch auto-configuration component does not perform hostname verification when establishing a connection to the Elasticsearch server. An attacker on an adjacent network could exploit this by...

6.8CVSS5.4AI score0.00136EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/04/28 9:7 a.m.107 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4Shell Security Lab — nginx + Coraza WAF Mục đích giáo...

10CVSS8AI score0.99999EPSS
Exploits351
vulnersOsv
vulnersOsv
added 2026/04/28 12:31 a.m.13 views

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +5714 more potentially affected by CVE-2026-40973 via org.springframework.boot:spring-boot (>=3.5.0 <=3.5.13)

org.springframework.boot:spring-boot MAVEN version =3.5.0, =0.1.0, =0.1.0, =0.8.0, =0.7.0, =0.7.0, =0.8.0, =0.7.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.6 and more Source cves: CVE-2026-40973 Source advisory: OSV:GHSA-WWPQ-F5C3-7HVX...

7CVSS5.7AI score0.00136EPSS
Exploits0
OSV
OSV
added 2026/04/28 12:31 a.m.5 views

GHSA-MQVW-JFMH-93QQ Spring Boot's Cassandra SSL auto-configuration disables TLS hostname verification

Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15 fix 3.4.16, 3.3.0–3.3.18 fix 3.3.19, 2.7.0–2.7.32 fix 2.7.33; Cassandra SSL...

5CVSS5.8AI score0.00182EPSS
Exploits0References3
OSV
OSV
added 2026/04/28 12:31 a.m.5 views

GHSA-M4X9-HX6X-2C43 Spring Boot's random value property source uses a weak PRNG unsuitable for secrets

Values produced by $random.value are not suitable for use as secrets. $random.uuid is not affected. $random.int and $random.long should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15...

4.8CVSS5.8AI score0.00312EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/04/28 12:31 a.m.7 views

com.devskiller.friendly-id:friendly-id-openfeign (>=2.0.0-alpha3 <=2.0.0-beta5), io.github.bluetape4k:bluetape4k-spring-boot4-cassandra (>=1.5.0 <=1.7.0) +18 more potentially affected by CVE-2026-40975 via org.springframework.boot:spring-boot-cassandra (>=4.0.0 <=4.0.5)

org.springframework.boot:spring-boot-cassandra MAVEN version =4.0.0, =2.0.0-alpha3, =1.5.0, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.5 - org.springframework.boot:spring-boot-starter-data-cassan...

8.2CVSS5.8AI score0.00312EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/28 12:31 a.m.8 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +5085 more potentially affected by CVE-2026-40973 via org.springframework.boot:spring-boot (>=4.0.0 <=4.0.5)

org.springframework.boot:spring-boot MAVEN version =4.0.0, =0.1.0, =0.1.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0-beta-2 and more Source cves: CVE-2026-40973 Source advisory: OSV:GHSA-WWPQ-F5C3-7HVX...

7CVSS5.7AI score0.00136EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/28 12:31 a.m.10 views

com.devskiller.friendly-id:friendly-id-openfeign (>=2.0.0-alpha3 <=2.0.0-beta5), io.github.bluetape4k:bluetape4k-spring-boot4-cassandra (>=1.5.0 <=1.7.0) +18 more potentially affected by CVE-2026-40977 via org.springframework.boot:spring-boot-cassandra (>=4.0.0 <=4.0.5)

org.springframework.boot:spring-boot-cassandra MAVEN version =4.0.0, =2.0.0-alpha3, =1.5.0, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.5 - org.springframework.boot:spring-boot-starter-data-cassan...

6.7CVSS5.8AI score0.00112EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/28 12:31 a.m.13 views

ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.114.0 <=0.120.0), ai.ancf.lmos:arc-memory-mongo-spring-boot-starter (>=0.114.0 <=0.120.0) +4735 more potentially affected by CVE-2026-40973 via org.springframework.boot:spring-boot (>=3.4.0 <=3.4.13)

org.springframework.boot:spring-boot MAVEN version =3.4.0, =0.114.0, =0.114.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.17.0, =1.17.0, =1.17.0, =0.0.1, =0.0.1, =0.25.7-rc.64, =0.25.7-rc.68 and more Source cves: CVE-2026-40973 Source advisory: OSV:GHSA-WWPQ-F5C3-7HVX...

7CVSS5.7AI score0.00136EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/28 12:31 a.m.19 views

africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-application (>=1.0.0 <=1.2.0) +39336 more potentially affected by CVE-2026-40973 via org.springframework.boot:spring-boot (>=1.0.0.RELEASE <=2.7.3)

org.springframework.boot:spring-boot MAVEN version =1.0.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.4.0.0, =4.6.0.0 and more Source cves: CVE-2026-40973 Source advisory: OSV:GHSA-WWPQ-F5C3-7HVX...

7CVSS5.7AI score0.00136EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/28 12:31 a.m.10 views

ai.driftkit:driftkit-audio-core (>=0.5.0 <=0.8.3), ai.driftkit:driftkit-audio-spring-boot-starter (>=0.5.0 <=0.8.7) +4998 more potentially affected by CVE-2026-40973 via org.springframework.boot:spring-boot (>=3.3.0 <=3.3.13)

org.springframework.boot:spring-boot MAVEN version =3.3.0, =0.5.0, =0.5.0, =0.5.0, =0.5.8, =0.5.0, =0.5.7, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.5.0, =0.5.0, =0.7.9, =0.6.0, =0.6.0, =0.8.7 and more Source cves: CVE-2026-40973 Source advisory: OSV:GHSA-WWPQ-F5C3-7HVX...

7CVSS5.7AI score0.00136EPSS
Exploits0
Rows per page
Query Builder