Lucene search
K

7317 matches found

CVE
CVE
added 2026/06/15 6:54 p.m.27 views

CVE-2026-41708

The CVE describes a DoS vulnerability in Spring Cloud Sleuth via the Spring TX instrumentation when using vulnerable versions of org.springframework.cloud:spring-cloud-sleuth-instrumentation (SLEUTH 3.1.0–3.1.13). The root cause is exposure of the transaction instrumentation to crafted calls, all...

7.5CVSS5.2AI score0.00278EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/15 6:54 p.m.17 views

CVE-2026-41708 Spring Cloud Sleuth instrumentation of Spring TX DoS vulnerability

In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service DoS condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is...

7.5CVSS5.3AI score0.00278EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 6:54 p.m.7 views

CVE-2026-47835 Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores

In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0...

8.6CVSS5.7AI score0.00254EPSS
Exploits0References1
Veracode
Veracode
added 2026/06/15 7:20 a.m.9 views

XXE Injection

Spring REST Docs is vulnerable to XML External Entity XXE Injection. The vulnerability is due to unsafe processing of XML content when documenting remote APIs, where a compromised or malicious API can supply crafted XML containing external entities. When documentation-generating tests are execute...

5.9CVSS5.3AI score0.00223EPSS
Exploits0References2Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2026/06/15 12:0 a.m.18 views

Tool Calling in Spring AI 2.0: A Composable, Agentic Architecture

Tool calling — the ability for an AI model to invoke application-defined functions and act on the results — is the essential building block of agentic AI systems. A model that can discover information, take action, and loop until a goal is reached is an agent. Spring AI 2.0 rearchitects tool...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49304

Name of the Vulnerable Software and Affected Versions Spring Cloud Sleuth versions 3.1.0 through 3.1.13 Description A denial-of-service DoS condition can be triggered when a user provides specially crafted calls. This occurs in applications using the...

7.5CVSS5.2AI score0.00278EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 7:2 p.m.9 views

Security Bulletin: Security Vulnerability in Spring Cloud Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-41235)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Spring Cloud Vulnerability Details CVEID:CVE-2025-41235 DESCRIPTION: Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies. CWE:CWE-444:...

8.6CVSS7.9AI score0.00276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 6:50 p.m.11 views

Security Bulletin: Security Vulnerability in Spring Security Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-41248)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Spring Security Vulnerability Details CVEID:CVE-2025-41248 DESCRIPTION: The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type...

7.5CVSS6.9AI score0.0046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 6:47 p.m.9 views

Security Bulletin: Security Vulnerability in Spring Boot Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-22235)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Spring Boot Vulnerability Details CVEID:CVE-2025-22235 DESCRIPTION: EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been create...

7.3CVSS7.1AI score0.00358EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 6:28 p.m.7 views

Security Bulletin: Multiple Security Vulnerabilities in Spring Framework Affect IBM Sterling B2B Integrator and IBM Sterling File Gateway

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerabilities in Spring Framework Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patter...

7.5CVSS6.9AI score0.01916EPSS
Exploits2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/12 2:35 p.m.8 views

CVE-2026-41843

A flaw was found in Spring Framework. Specifically, Spring MVC and WebFlux applications are vulnerable to a Path Traversal attack. This vulnerability allows a remote attacker to access sensitive files or directories on the server by manipulating requests for static resources. The successful...

5.9CVSS5.3AI score0.00341EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.11 views

Spring Security 5.7.x < 5.7.24 / 5.8.x < 5.8.26 / 6.3.x < 6.3.17 / 6.4.x < 6.4.17 / 6.5.x < 6.5.11 / 7.0.x < 7.0.6 DoS

The version of Spring Security installed on the remote host is 5.7.x prior to 5.7.24, 5.8.x prior to 5.8.26, 6.3.x prior to 6.3.17, 6.4.x prior to 6.4.17, 6.5.x prior to 6.5.11, or 7.0.x prior to 7.0.6. It is, therefore, affected by a vulnerability: - An application using...

7.5CVSS5.4AI score0.00331EPSS
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2026/06/12 12:0 a.m.10 views

CVE-2026-47835: Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores

In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB...

8.6CVSS5.6AI score0.00254EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-40997

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Several Spring WS integration paths with Spring Security could surface detailed account state for example locked or disabled user semantics to remote SOAP clien...

5.3CVSS5.7AI score0.00366EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.36 views

Spring Framework 6.2.x < 6.2.18.1 / 7.0.x < 7.0.7.1 SSRF

The version of Spring Framework installed on the remote host is 6.2.x prior to 6.2.18.1, or 7.0.x prior to 7.0.7.1. It is, therefore, affected by a vulnerability: - Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL strin...

6.5CVSS5.3AI score0.00123EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.174 views

Spring Framework 5.3.x < 5.3.49 / 6.1.x < 6.1.28 / 6.2.x < 6.2.18.1 / 7.0.x < 7.0.7.1 Multiple Vulnerabilities

The version of Spring Framework installed on the remote host is 5.3.x prior to 5.3.49, 6.1.x prior to 6.1.28, 6.2.x prior to 6.2.18.1, or 7.0.x prior to 7.0.7.1. It is, therefore, affected by multiple vulnerabilities: - IDs for WebSocket sessions in the spring-websocket module are not...

9.8CVSS5.6AI score0.00399EPSS
Exploits0References30
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.8 views

Spring Framework 5.3.x < 5.3.49 Multiple Vulnerabilities

The version of Spring Framework installed on the remote host is 5.3.x prior to 5.3.49. It is, therefore, affected by multiple vulnerabilities: - Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. CVE-2026-41847 - An integer overflow vulnerability...

7.5CVSS5.6AI score0.00263EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-40994

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wss4jSecurityInterceptor initialized its BSP WS-I Basic Security Profile compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestDat...

8.2CVSS5.5AI score0.00229EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/12 12:0 a.m.9 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via insufficient neutralization of special characters in the query construction. An attacker can execute arbitrary queries against Elasticsearch, OpenSearch, or GemFire...

8.8CVSS5.7AI score0.00254EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.12 views

CVE-2026-41730

Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through...

5.3CVSS5.5AI score0.00197EPSS
Exploits0References1
Rows per page
Query Builder