ROOT-APP-MAVEN-CVE-2023-20862 CVE-2023-20862 in io.root.org.springframework.security:spring-security-core - Patched by Root

Root has patched CVE-2023-20862 in the io.root.org.springframework.security:spring-security-core package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2024-22257 CVE-2024-22257 in io.root.org.springframework.security:spring-security-core - Patched by Root

Root has patched CVE-2024-22257 in the io.root.org.springframework.security:spring-security-core package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2024-38827 CVE-2024-38827 in io.root.org.springframework.security:spring-security-core - Patched by Root

Root has patched CVE-2024-38827 in the io.root.org.springframework.security:spring-security-core package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2022-31692 CVE-2022-31692 in io.root.org.springframework.security:spring-security-core - Patched by Root

Root has patched CVE-2022-31692 in the io.root.org.springframework.security:spring-security-core package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2024-38821 CVE-2024-38821 in io.root.org.springframework.security:spring-security-web - Patched by Root

Root has patched CVE-2024-38821 in the io.root.org.springframework.security:spring-security-web package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2025-22228 CVE-2025-22228 in io.root.org.springframework.security:spring-security-crypto - Patched by Root

Root has patched CVE-2025-22228 in the io.root.org.springframework.security:spring-security-crypto package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2026-22732 CVE-2026-22732 in io.root.org.springframework.security:spring-security-web - Patched by Root

Root has patched CVE-2026-22732 in the io.root.org.springframework.security:spring-security-web package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2026-22748 CVE-2026-22748 in io.root.org.springframework.security:spring-security-oauth2-jose - Patched by Root

Root has patched CVE-2026-22748 in the io.root.org.springframework.security:spring-security-oauth2-jose package for Root:Maven. Multiple fixed versions available...

Unity Linux 20.1070e Security Update: springframework (UTSA-2026-016711)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016711 advisory. Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests ...

ROOT-APP-MAVEN-CVE-2024-22234 CVE-2024-22234 in io.root.org.springframework.security:spring-security-core - Patched by Root

Root has patched CVE-2024-22234 in the io.root.org.springframework.security:spring-security-core package for Root:Maven. Multiple fixed versions available...

CVE-2026-34263

Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application...

K000161272: Spring Security vulnerability CVE-2026-22753

Security Advisory Description Vulnerability in Spring Spring Security. If an application is using securityMatchersString and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercise...

EUVD-2026-29372

Due to improper Spring Security configuration, SAP Commerce cloud allows an unauthenticated user to perform malicious configuration upload and code injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the applicati...

CVE-2026-34263

Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application...

CVE-2026-34263

Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application...

CVE-2026-34263 Missing authentication check in SAP Commerce cloud configuration

Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application...

CVE-2026-41713

creationtimestamp| type| source ---|---|--- 2026-05-11 09:04:11+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/spring-security-advisory-av26-443 2026-05-11 12:05:29+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mllabzqe2i2x 2026-05-12 11:59:24+00:00| seen|...

PT-2026-39922

Name of the Vulnerable Software and Affected Versions SAP Commerce cloud affected versions not specified Description Improper Spring Security configuration allows an unauthenticated user to perform malicious configuration upload and code injection. This can result in arbitrary server-side code...

Security Bulletin: Vulnerabilities in Spring WebFlux, Jenkins, Spring Securiy, Spring Framework, and Node.js lodash might affect IBM Storage Defender Copy Data Management.

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring WebFlux, Jenkins, Spring Securiy, Spring Framework, and Node.js lodash. Vulnerabilities include an attacker, local attacker, remote attacker and authenticated attacker could exploit these vulnerabilitie...

Sensitive Information Disclosure

Spring Security is vulnerable to Sensitive Information Disclosure. The vulnerability is due to bypass of timing attack protections in DaoAuthenticationProvider when handling disabled, expired, or locked user states, which allows an attacker to infer user account status through response timing...