Lucene search
K

89 matches found

Vulnrichment
Vulnrichment
added 2026/06/09 11:48 p.m.8 views

CVE-2026-41711 Potential Denial of Service through crafted Sort Parameters

Applications using Spring Data Commons may be vulnerable to a Denial of Service DoS attack leading to a StackOverflowException when parsing Sort parameters. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through...

5.9CVSS5.4AI score0.0028EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 11:47 p.m.36 views

CVE-2026-41695 Denial of Service in Spring Data Commons Property Path Resolution

Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through...

7.5CVSS0.00363EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 11:47 p.m.12 views

EUVD-2026-35891

Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through...

7.5CVSS5.4AI score0.00363EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:47 p.m.53 views

CVE-2026-41695

Spring Data Commons contains a Denial of Service risk (CVE-2026-41695) caused by resource exhaustion during property path resolution in MappingContext. Affected versions are Spring Data Commons 4.0.0–4.0.5; 3.5.0–3.5.11; 3.4.0–3.4.14. The provided documents describe the issue and affected release...

7.5CVSS5.4AI score0.00363EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 11:47 p.m.10 views

CVE-2026-41695 Denial of Service in Spring Data Commons Property Path Resolution

Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through...

7.5CVSS5.4AI score0.00363EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-48311

Name of the Vulnerable Software and Affected Versions Spring Data Commons versions 4.0.0 through 4.0.5 Spring Data Commons versions 3.5.0 through 3.5.11 Spring Data Commons versions 3.4.0 through 3.4.14 Description Applications may be subject to denial of service through resource exhaustion. This...

7.5CVSS5.8AI score0.00363EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-48321

Name of the Vulnerable Software and Affected Versions Spring Data Commons versions 4.0.0 through 4.0.5 Spring Data Commons versions 3.5.0 through 3.5.11 Spring Data Commons versions 3.4.0 through 3.4.14 Spring Data Commons versions 3.3.0 through 3.3.16 Spring Data Commons versions 3.2.0 through...

5.9CVSS5.9AI score0.00331EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-48316

Name of the Vulnerable Software and Affected Versions Spring Data Commons versions 4.0.0 through 4.0.5 Spring Data Commons versions 3.5.0 through 3.5.11 Spring Data Commons versions 3.4.0 through 3.4.14 Spring Data Commons versions 3.3.0 through 3.3.16 Spring Data Commons versions 3.2.0 through...

5.9CVSS5.8AI score0.0028EPSS
Exploits0References4
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.6 views

CVE-2026-41721: Spring Data Commons Denial of Service via Data Binding

Spring Data Commons contains a vulnerability that can lead to a Denial of Service DoS condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload , when an attacker sends a specially crafted HTTP request that causes the application to allocate...

5.9CVSS5.6AI score0.00331EPSS
Exploits0References1Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.9 views

CVE-2026-41711: Potential Denial of Service through crafted Sort Parameters

Applications using Spring Data Commons may be vulnerable to a Denial of Service DoS attack leading to a StackOverflowException when parsing Sort parameters. This issue can occur if an application explicitly exposes an endpoint that accepts Sort parameters from untrusted sources and passes them on...

5.9CVSS5.8AI score0.0028EPSS
Exploits0References1Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.7 views

CVE-2026-41695: Denial of Service in Spring Data Commons Property Path Resolution

Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Specifically, an application is vulnerable when all of the following are true: Spring Data...

7.5CVSS5.8AI score0.00363EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2026/04/09 12:22 p.m.173 views

Exploit for Code Injection in Pivotal_Software Spring_Data_Commons

SpringBoot-Toolkit An interactive penetration-testing tool de...

10CVSS7.4AI score0.99939EPSS
Exploits189
GithubExploit
GithubExploit
added 2025/12/06 10:58 a.m.308 views

Exploit for Code Injection in Pivotal_Software Spring_Data_Commons

SpringBoot-Toolkit An interactive penetration-testing tool de...

10CVSS8.7AI score0.99939EPSS
Exploits189
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-0511

Malware in sbrugna...

7.5CVSS7.7AI score0.01969EPSS
Exploits0References8
Broadcom
Broadcom
added 2023/08/29 12:0 a.m.52 views

CVE-2018-1273 Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions,

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

9.8CVSS9.6AI score0.95649EPSS
Exploits9
F5 Networks
F5 Networks
added 2023/02/21 6:59 p.m.57 views

K27053426: Spring data XML vulnerability CVE-2018-1259

Security Advisory Description Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library...

7.5CVSS7.8AI score0.0497EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2022/11/14 12:0 a.m.7 views

The vulnerability of the SimpleEvaluationContext class in the Spring Data Commons data management platform and the Spring Data REST framework for creating web services allows a attacker to execute arbitrary code.

The vulnerability of the SimpleEvaluationContext class in the Spring Data Commons data management platform and the Spring Data REST web framework is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending specially...

10CVSS8.2AI score0.95649EPSS
Exploits9References10Affected Software2
Tenable Nessus
Tenable Nessus
added 2022/05/05 12:0 a.m.92 views

Spring Data Commons < 1.13.11 / 2.x < 2.0.6 RCE

The version of Spring Data Commons installed on the remote host is affected by a remote code execution vulnerability. Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of...

9.8CVSS9AI score0.95649EPSS
Exploits9References2
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/25 12:0 a.m.28 views

VMware Tanzu Spring Data Commons Property Binder Vulnerability

Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution...

9.8CVSS4.5AI score0.95649EPSS
In wildExploits9
Gitee
Gitee
added 2021/09/15 11:52 p.m.6 views

Exploit for Code Injection in Pivotal_Software Spring_Data_Commons

Based on the provided code and metadata, here is a description of the repository and its contents: Repository: This repository appears to be a Maven wrapper for the Apache Maven project, specifically version 3.5.3. The repository contains metadata and configuration files for the Maven wrapper,...

9.8CVSS9.1AI score0.95649EPSS
Exploits9
Rows per page
Query Builder