Lucene search
K

1287 matches found

RedHat Linux
RedHat Linux
added 2026/06/10 3:39 p.m.16 views

Important: Red Hat Security Advisory: HawtIO 4.4.0 for Red Hat build of Apache Camel 4 Release and security update.

HawtIO 4.4.0 for Red Hat build of Apache Camel 4 GA Release is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product Security has rated this update ...

10CVSS7.3AI score0.01945EPSS
Exploits10References1
Spring Security Advisories
Spring Security Advisories
added 2026/06/10 12:0 a.m.7 views

CVE-2026-40992: Mail Auto-Configuration Does Not Enable SSL Hostname Verification

Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true , are not affected...

5CVSS5.8AI score0.00123EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/06/10 12:0 a.m.6 views

Improper Validation of Certificate with Host Mismatch

Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch via missing hostname verification in the auto-configuration. An attacker can impersonate a trusted mail server and intercept or manipulate SMTP communications because hostname...

5CVSS5.3AI score0.00123EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 12:0 a.m.7 views

Insecure Temporary File

Overview Affected versions of this package are vulnerable to Insecure Temporary File via the default data directory configuration in ArtemisEmbeddedConfigurationFactory. A local attacker can tamper with or redirect the embedded Artemis broker's data storage by pre-creating the predictable data...

5.3CVSS5.3AI score0.00094EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/09 11:32 a.m.48 views

ecommerce-poc

Event-Driven E-Commerce Saga POC This project is a small even...

5.6AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/08 2:15 p.m.6 views

CVE-2026-11521 Mohammed-eid35 bank-management-system-springboot Transaction Endpoint TransactionController.java improper authorization

A security vulnerability has been detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. This affects an unknown part of the file src/main/java/com/alien/bank/management/system/controller/TransactionController.java of the component Transaction...

6.5CVSS6.1AI score0.00272EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/08 2:15 p.m.39 views

CVE-2026-11521 Mohammed-eid35 bank-management-system-springboot Transaction Endpoint TransactionController.java improper authorization

A security vulnerability has been detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. This affects an unknown part of the file src/main/java/com/alien/bank/management/system/controller/TransactionController.java of the component Transaction...

6.5CVSS0.00272EPSS
Exploits0References6
Veracode
Veracode
added 2026/06/08 1:27 p.m.11 views

Use Of Predictable Salt

jasypt-spring-boot is vulnerable to Use of Predictable Salt. The vulnerability is due to the getSecretKeySaltGenerator implementation in SimpleGCMConfig.java, which can generate predictable salts for password hashing operations. This reduces the effectiveness of the one-way hash and may allow...

6.3CVSS5.4AI score0.00202EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.17 views

PT-2026-47295

A security vulnerability has been detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. This affects an unknown part of the file src/main/java/com/alien/bank/management/system/controller/TransactionController.java of the component Transaction...

6.5CVSS6.1AI score0.00272EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/06 1:44 p.m.5 views

Security Bulletin: Due to use of spring-boot-autoconfigure-3.5.13.jar, IBM Sterling Connect:Direct Web Services is vulnerable to not perform hostname verification.

Summary spring-boot-autoconfigure-3.5.13.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-40971, CVE-2026-40974. Vulnerability Details CVEID:CVE-2026-40971 DESCRIPTION: When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname...

9.8CVSS5.5AI score0.00182EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/03 10:1 p.m.10 views

CVE-2026-10152

A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attac...

6.5CVSS6.3AI score0.00206EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/02 5:41 p.m.9 views

Spring Boot: Spring Boot: Weak pseudo-random number generation can lead to information disclosure.

A flaw was found in Spring Boot. The $random.value property source utilizes a weak pseudo-random number generator PRNG, meaning the values it produces are not sufficiently random for use as cryptographic secrets. An attacker could potentially predict these values, which may lead to information...

8.2CVSS5.7AI score0.00312EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/02 5:41 p.m.15 views

Important: Red Hat Security Advisory: Red Hat Data Grid 8.6.1 security update

An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

10CVSS7AI score0.01735EPSS
Exploits6References14
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

CicadasCMS 代码注入漏洞

CicadasCMS is a content management framework developed by the Chinese individual developer westboy, based on SpringBoot, Mybatis, SpringSecurity, and Vue. CicadasCMS has a code injection vulnerability, which stems from an unknown function issue in the task scheduling management module, specifical...

4.8CVSS4.9AI score0.0021EPSS
Exploits0References6
NVD
NVD
added 2026/05/30 8:16 p.m.11 views

CVE-2026-10152

A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attac...

6.5CVSS0.00206EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/30 7:15 p.m.10 views

CVE-2026-10152

A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attac...

6.5CVSS6.3AI score0.00206EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/30 7:15 p.m.8 views

CVE-2026-10152 TaleLin lin-cms-spring-boot book Endpoint BookController.java access control

A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attac...

6.5CVSS6.3AI score0.00206EPSS
Exploits0References5
CVE
CVE
added 2026/05/30 7:15 p.m.20 views

CVE-2026-10152

TaleLin lin-cms-spring-boot up to 0.2.1 contains an access-control issue in the BookEndpoint path BookController.java. The underlying cause is stated as improper access controls due to some unknown file processing, with a remote attack possibility and public exploit availability. No specific vuln...

6.5CVSS6.3AI score0.00206EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.14 views

CVE-2026-9370

A weakness has been identified in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password...

6.3CVSS5.1AI score0.00202EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/27 2:4 p.m.15 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in spring-boot (CVE-2026-40973, CVE-2026-40975, CVE-2026-40977)

Summary IBM Sterling Control Center is affected by vulnerabilities CVE-2026-40973, CVE-2026-40975, CVE-2026-40977 reported for spring-boot-3.4.11.jar. Vulnerability Details CVEID:CVE-2026-40973 DESCRIPTION: A local attacker on the same host as the application may be able to take control of the...

8.2CVSS6AI score0.00312EPSS
Exploits0Affected Software1
Rows per page
Query Builder