
750 matches found

CVE
added 2025/10/16 2:25 p.m. | 27 views

CVE-2025-41253

CVE-2025-41253 affects Spring Cloud Gateway Server Webflux: SpEL-enabled routes and unsecured actuator web endpoints can expose environment variables and system properties. Webflux components are vulnerable; WebMVC is not. IBM bulletin lists remediation: upgrade IBM Library Support for Spring to ...

CVSS 7.5 | AI score 6.4 | EPSS 0.00435
Exploits: 0 | References: 2

Positive Technologies
added 2025/10/16 12:0 a.m. | 6 views

PT-2025-42472

Name of the Vulnerable Software and Affected Versions: Spring Cloud Gateway Server Webflux (affected versions not specified). Description: Spring Cloud Gateway Server Webflux is susceptible to a SpEL (Spring Expression Language) injection issue. This flaw allows unauthenticated attackers to access...

CVSS 7.5 | AI score 6.6 | EPSS 0.00435
Exploits: 0 | References: 23

CNNVD
added 2025/10/16 12:0 a.m. | 4 views

Spring Cloud Gateway Server Webflux Security Vulnerability

Spring Cloud Gateway Server Webflux is a Spring open source gateway server. A security vulnerability exists in Spring Cloud Gateway Server Webflux that stems from the Spring Expression Language that may expose environment variables and system properties, potentially leading to information...

CVSS 7.5 | AI score 6.3 | EPSS 0.00435
Exploits: 0 | References: 2

Snyk
added 2025/10/15 12:0 a.m. | 4 views

Expression Language Injection

Overview: Affected versions of this package are vulnerable to Expression Language Injection in route definitions. An attacker with permission to define routes can expose the server's file structure or other sensitive environment variables by crafting a SpEL expression to access sensitive system...

CVSS 8.2 | AI score 6.8 | EPSS 0.00435
Exploits: 0 | References: 2

vulnersOsv
added 2025/10/15 12:0 a.m. | 8 views

ch.nexsol-tech.gateway:sample-gateway (>=1.2.0 <=1.3.1), ch.nexsol-tech.gateway:spring-cloud-gateway-database (>=1.2.0 <=1.3.1) +37 more potentially affected by CVE-2025-41253 via org.springframework.cloud:spring-cloud-gateway-server (>=4.3.0 <=4.3.1)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.3.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =3.0.0, =1.8.9, =0.12.1, =0.12.1, =0.12.10, =3.10.0, =3.11.0 and more Source cves: CVE-2025-41253 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-13561992...

CVSS 7.5 | AI score 7.4 | EPSS 0.00435
Exploits: 0

vulnersOsv
added 2025/10/15 12:0 a.m. | 8 views

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo (=0.1.0) +111 more potentially affected by CVE-2025-41253 via org.springframework.cloud:spring-cloud-gateway-server (>=4.0.0 <=4.2.5)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.0.0, =0.2.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =2023.4.1.0, =1.0.5, =1.0.4, =3.0.0.1, =jdk17-0.0.1 - cn.warpin.maven-central:common-gateway-security =0.0.15 and more Source cves: CVE-2025-41253 Source...

CVSS 7.5 | AI score 7.4 | EPSS 0.00435
Exploits: 0

Veracode
added 2025/10/10 9:7 a.m. | 9 views

Remote Code Execution

org.springframework.cloud, spring-cloud-gateway-server is vulnerable to Remote Code Execution. The vulnerability is due to exposed actuator endpoints evaluating user-controlled input via the GatewayEvaluationContext, allowing attackers to modify Spring Environment properties when the actuator...

CVSS 10 | AI score 8.1 | EPSS 0.03311
Exploits: 0 | References: 2 | Affected Software: 2

EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2020-26595

Malware in sbrugna...

CVSS 7.2 | AI score 5.9 | EPSS 0.0106
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 20 views

EUVD-2021-1208

Malware in sbrugna...

CVSS 5.3 | AI score 5.5 | EPSS 0.00819
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2021-2279

Malware in sbrugna...

CVSS 6.5 | AI score 6.4 | EPSS 0.00668
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-1933

Malware in sbrugna...

CVSS 8.7 | AI score 7.5 | EPSS 0.00877
Exploits: 1 | References: 4

Spring Security Advisories
added 2025/10/07 12:0 a.m. | 5 views

This Week in Spring - October 7th, 2025

Hi, Spring fans! How're you doing this fantastic October afternoon? I'm on a train returning from Frankfurt, Germany, where I spoke at the Cloud Foundry Day Frankfurt event about how awesome it is to build an application with Spring Boot and Cloud Foundry. Yesterday I was in Antwerp, Belgium, and...

AI score 7.2
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2022-28071

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6.6 | EPSS 0.04732
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-47844

Malicious code in bioql PyPI...

CVSS 9 | AI score 6.6 | EPSS 0.00263
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 8 views

EUVD-2022-4750

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 8.2 | EPSS 0.01065
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-4881

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 8.1 | EPSS 0.01589
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 11 views

EUVD-2022-0910

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 5.5 | EPSS 0.00514
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-6840

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.00607
Exploits: 1 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2024-2370

Malicious code in bioql PyPI...

CVSS 8.2 | AI score 6.5 | EPSS 0.0036
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-10700

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.4 | EPSS 0.00254
Exploits: 0 | References: 2