Lucene search
+L

1949 matches found

Nuclei
Nuclei
added 7 hours ago42 views

Spring Framework - Path Traversal

Spring Framework MVC applications deployed as WAR or with embedded Servlet containers that do not reject suspicious URI sequences and serve static resources with Spring resource handling contain a path traversal vulnerability, letting attackers access unauthorized files, exploit requires...

5.9CVSS6.2AI score0.01916EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-41845

A flaw was found in Spring Framework. Due to incorrect escaping when using JavaScriptUtils.javaScriptEscape, a remote attacker could inject malicious JavaScript code into a user's browser. This could lead to a cross-site scripting XSS vulnerability, allowing the attacker to execute arbitrary...

7.1CVSS5.3AI score0.00161EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-41839

A flaw was found in Spring Framework. A remote attacker, by compromising a subdomain of a WebFlux application for example, through cross-site scripting XSS, could exploit this vulnerability to escalate privileges. This allows the attacker to exchange a known session ID for that of an authenticate...

4.2CVSS4.7AI score0.00197EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-41844

A flaw was found in Spring Framework. A Spring MVC or Spring WebFlux application that configures a mapping for "/" without explicitly specifying the view name is vulnerable. An attacker can exploit this by crafting a malicious link, leading to an open redirect. This allows the attacker to redirec...

6.1CVSS5AI score0.00134EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-41850

A flaw was found in Spring Framework. Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. A remote attacker can exploit this by providing a specially crafted expression, which triggers excessive resource...

7.5CVSS5AI score0.0036EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-41853

A flaw was found in Spring MVC and WebFlux applications, components of the Spring Framework. This vulnerability allows a remote, unauthenticated attacker to perform Multipart request smuggling attacks. Such an attack can lead to a low integrity impact, potentially enabling the attacker to bypass...

5.3CVSS4.8AI score0.00186EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-41851

A flaw was found in Spring Framework. Applications that accept user-supplied Spring Expression Language SpEL expressions may be vulnerable to a Denial of Service DoS attack. This occurs if the evaluation of a SpEL expression triggers unbounded cache growth, consuming excessive resources and makin...

7.5CVSS4.8AI score0.0036EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-41848

A flaw was found in Spring Framework. A remote attacker can exploit this vulnerability by providing a specially crafted regular expression pattern to the AntPathMatcher component. This can lead to a Regular Expression Denial of Service ReDoS condition, causing the application to become...

7.5CVSS5AI score0.00317EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-41842

A flaw was found in the Spring Framework. This vulnerability allows a remote attacker to cause a Denial of Service DoS by exploiting how Spring MVC and WebFlux applications resolve static resources. This can lead to the affected application becoming unavailable. Mitigation Mitigation for this iss...

7.5CVSS5AI score0.00399EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-41846

A flaw was found in Spring MVC applications, part of the Spring Framework. This vulnerability allows a remote attacker to inject arbitrary HTML or JavaScript code due to improper handling of user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags. Successful...

6.8CVSS5.2AI score0.0014EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-41854

A flaw was found in Spring Framework. Due to incorrect host parsing in the UriComponentsBuilder component, applications that process externally provided URL strings may be vulnerable to a Server-Side Request Forgery SSRF attack. An SSRF attack allows an attacker to trick the server into making...

6.5CVSS4.9AI score0.00123EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2026/07/09 6:31 p.m.5 views

K000162161: Spring Framework vulnerability CVE-2026-41839

Security Advisory Description A WebFlux application with a compromised subdomain for example, compromised via cross-site scripting XSS is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected versions: Spring Framework 7.0.0 through 7.0.7;...

4.2CVSS5.8AI score0.00197EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/07/09 10:3 a.m.5 views

K000162156: Spring Framework vulnerability CVE-2026-41844

Security Advisory Description A Spring MVC or Spring WebFlux application which configures a mapping for "/" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix. Affected versions:...

6.1CVSS6AI score0.00134EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/07/07 8:0 p.m.8 views

K000162130: Spring Framework vulnerability CVE-2026-41851

Security Advisory Description Applications which accept user-supplied Spring Expression Language SpEL expressions may be vulnerable to a Denial of Service DoS attack if the evaluation of a SpEL expression triggers unbounded cache growth. Affected versions: Spring Framework 7.0.0 through 7.0.7;...

7.5CVSS5.9AI score0.0036EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/07/02 8:45 a.m.17 views

K000162041: Spring Framework vulnerabilities CVE-2026-41843 and CVE-2026-41846

Security Advisory Description CVE-2026-41843 Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48. CVE-2026-41846 Spri...

6.1CVSS5.9AI score0.00341EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 6:29 p.m.9 views

Security Bulletin: IBM Terracotta is affected by a Spring Framework vulnerability that could allow Denial of Service (Dos) attacks, and Incorrect Authorization attacks

Summary IBM Terracotta uses Spring Framework as an application foundation within the product. Vulnerability Details CVEID:CVE-2026-41850 DESCRIPTION: Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By...

7.5CVSS5.9AI score0.0036EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 6:23 p.m.3 views

Security Bulletin: IBM Terracotta is affected by a Spring Framework vulnerability that could allow Cross-site Scripting attacks, Denial of Service (DoS) attacks, and Server-Side Request Forgery attacks

Summary IBM Terracotta uses Spring Framework as an application foundation within the product. Vulnerability Details CVEID:CVE-2026-41839 DESCRIPTION: A WebFlux application with a compromised subdomain for example, compromised via cross-site scripting XSS is vulnerable to an escalation attack...

7.1CVSS5.7AI score0.00247EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 6:21 p.m.5 views

Security Bulletin: IBM Terracotta is affected by a Spring Framework vulnerability that could allow Information Disclosure, Denial of Service (Dos) attacks, and Path Traversal attacks

Summary IBM Terracotta uses Spring Framework as an application foundation within the product. Vulnerability Details CVEID:CVE-2026-41841 DESCRIPTION: Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring...

7.5CVSS5.8AI score0.00399EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 6:9 p.m.4 views

Security Bulletin: IBM Terracotta is affected by multiple Spring Framework vulnerabilities that could allow exploiting WebSocket sessions and cross-site scripting

Summary IBM Terracotta uses Spring Framework as an application foundation within the product. Vulnerability Details CVEID:CVE-2026-41838 DESCRIPTION: IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination...

7.5CVSS5.5AI score0.00197EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 5:3 p.m.7 views

Security Bulletin: Vulnerabilities in Spring Security, Apache Tomcat, Netty, Lodash, Spring Framework and Node.js might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Security, Apache Tomcat, Netty, Lodash, Spring Framework and Node.js. Vulnerabilities include the authentication, authorization, and other security controls being rendered inactive on intended requests,...

8.2CVSS7.3AI score0.01594EPSS
Exploits0Affected Software1
Rows per page
Query Builder