214 matches found
EUVD-2026-36200
Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1...
CVE-2026-40985 Data Binding Vulnerability in Spring Web Flow with Unified EL Parser
Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1...
CVE-2026-40985
CVE-2026-40985 affects Spring Web Flow where configurations use the WebFlowELExpressionParser. The vulnerability arises from processing Unified EL expressions, allowing a crafted expression to influence behavior. Affected versions are Spring Web Flow 4.0.0; 3.0.0–3.0.1; and 2.5.0–2.5.1. The conne...
CVE-2026-40985 Data Binding Vulnerability in Spring Web Flow with Unified EL Parser
Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1...
PT-2026-48617
Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description The Wss4jSecurityInterceptor...
PT-2026-48620
Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description Integration paths between Spring W...
VMware Spring Web Services 代码问题漏洞
VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are code vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the defaul...
VMware Spring Web Services 代码问题漏洞
VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are code vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the use of...
PT-2026-48623
Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description The Wss4jSecurityInterceptor faile...
VMware Spring Web Services 安全漏洞
VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are security vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the...
VMware Spring Web Services 加密问题漏洞
VMware Spring Web Services is a SOAP web service development framework provided by the American company VMware. There are vulnerabilities related to encryption in VMware Spring Web Services versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8. These vulnerabilities stem fr...
VMware Spring Web Services 安全漏洞
VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are security vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the...
VMware Spring Web Flow 跨站脚本漏洞
VMware Spring Web Flow is a web application flow management framework developed by VMware, Inc. Versions 4.0.0, 3.0.0 to 3.0.1, and 2.5.0 to 2.5.1 of VMware Spring Web Flow have cross-site scripting vulnerabilities. These vulnerabilities stem from the JavaScript RemotingHandler’s ability to rende...
PT-2026-48621
Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description Jaxp13XPathTemplate evaluated XPat...
PT-2026-48613
Name of the Vulnerable Software and Affected Versions Spring Web Flow version 4.0.0 Spring Web Flow versions 3.0.0 through 3.0.1 Spring Web Flow versions 2.5.0 through 2.5.1 Description Applications that configure the WebFlowELExpressionParser are susceptible to the use of malicious Unified EL...
VMware Spring Web Flow 安全漏洞
VMware Spring Web Flow is a web application flow management framework developed by the American company VMware. Versions 4.0.0, 3.0.0 to 3.0.1, and 2.5.0 to 2.5.1 of VMware Spring Web Flow contain security vulnerabilities. These vulnerabilities stem from the possibility of malicious Unified EL...
PT-2026-48618
Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description X509AuthenticationProvider could...
PT-2026-48622
Name of the Vulnerable Software and Affected Versions Spring Web Services versions 5.0.0 through 5.0.1 Spring Web Services versions 4.1.0 through 4.1.3 Spring Web Services versions 4.0.0 through 4.0.18 Spring Web Services versions 3.1.0 through 3.1.8 Description When WS-Addressing is used with...
PT-2026-48614
Name of the Vulnerable Software and Affected Versions Spring Web Flow version 4.0.0 Spring Web Flow versions 3.0.0 through 3.0.1 Spring Web Flow versions 2.5.0 through 2.5.1 Description The JavaScript RemotingHandler renders the body of an error response as HTML, regardless of whether the respons...
CVE-2026-40999: Spring WS SSRF via unvalidated WS-Addressing reply destinations
When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to connect to. A remo...