7316 matches found
ROOT-APP-MAVEN-CVE-2026-22740 CVE-2026-22740 in io.root.org.springframework:spring-webflux - Patched by Root
Root has patched CVE-2026-22740 in the io.root.org.springframework:spring-webflux package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-41254 CVE-2025-41254 in io.root.org.springframework:spring-websocket - Patched by Root
Root has patched CVE-2025-41254 in the io.root.org.springframework:spring-websocket package for Root:Maven. Multiple fixed versions available...
MongoDB-backed Spring Batch jobs and more in Spring Boot 4.1
Spring Batch was introduced many years before MongoDB existed, and its design assumed the presence of a SQL database in which to store the state of Spring Batch jobs. But that was decades ago, and a common question for anyone new to Spring Batch was, "Why does this thing need to talk to a SQL...
Spring - Remote Code Execution
Spring MVC and Spring WebFlux applications running on Java Development Kit 9+ are susceptible to remote code execution via data binding. It requires the application to run on Tomcat as a WAR deployment. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full...
ROOT-APP-MAVEN-CVE-2026-22751 CVE-2026-22751 in io.root.org.springframework.security:spring-security-core - Patched by Root
Root has patched CVE-2026-22751 in the io.root.org.springframework.security:spring-security-core package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-22748 CVE-2026-22748 in io.root.org.springframework.security:spring-security-oauth2-jose - Patched by Root
Root has patched CVE-2026-22748 in the io.root.org.springframework.security:spring-security-oauth2-jose package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2024-38821 CVE-2024-38821 in io.root.org.springframework.security:spring-security-web - Patched by Root
Root has patched CVE-2024-38821 in the io.root.org.springframework.security:spring-security-web package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-22228 CVE-2025-22228 in io.root.org.springframework.security:spring-security-crypto - Patched by Root
Root has patched CVE-2025-22228 in the io.root.org.springframework.security:spring-security-crypto package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-22732 CVE-2026-22732 in io.root.org.springframework.security:spring-security-web - Patched by Root
Root has patched CVE-2026-22732 in the io.root.org.springframework.security:spring-security-web package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2024-22234 CVE-2024-22234 in io.root.org.springframework.security:spring-security-core - Patched by Root
Root has patched CVE-2024-22234 in the io.root.org.springframework.security:spring-security-core package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2023-20862 CVE-2023-20862 in io.root.org.springframework.security:spring-security-core - Patched by Root
Root has patched CVE-2023-20862 in the io.root.org.springframework.security:spring-security-core package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-AIKIDO-2026-11158 AIKIDO-2026-11158 in io.root.org.springframework:spring-core - Patched by Root
Root has patched AIKIDO-2026-11158 in the io.root.org.springframework:spring-core package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-22235 CVE-2025-22235 in io.root.org.springframework.boot:spring-boot - Patched by Root
Root has patched CVE-2025-22235 in the io.root.org.springframework.boot:spring-boot package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-22733 CVE-2026-22733 in io.root.org.springframework.boot:spring-boot-starter-actuator - Patched by Root
Root has patched CVE-2026-22733 in the io.root.org.springframework.boot:spring-boot-starter-actuator package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2024-38807 CVE-2024-38807 in io.root.org.springframework.boot:spring-boot-loader - Patched by Root
Root has patched CVE-2024-38807 in the io.root.org.springframework.boot:spring-boot-loader package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-22731 CVE-2026-22731 in io.root.org.springframework.boot:spring-boot-starter-actuator - Patched by Root
Root has patched CVE-2026-22731 in the io.root.org.springframework.boot:spring-boot-starter-actuator package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2023-20883 CVE-2023-20883 in io.root.org.springframework.boot:spring-boot-autoconfigure - Patched by Root
Root has patched CVE-2023-20883 in the io.root.org.springframework.boot:spring-boot-autoconfigure package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-40972 CVE-2026-40972 in io.root.org.springframework.boot:spring-boot-devtools - Patched by Root
Root has patched CVE-2026-40972 in the io.root.org.springframework.boot:spring-boot-devtools package for Root:Maven. Multiple fixed versions available...
NoSQL Injection
Spring Data MongoDB is vulnerable to NoSQL Injection. The vulnerability is due to insufficient validation of parameters bound to regular expressions in @Query-annotated repository methods, where attacker-controlled input can break out of the intended regex quoting e.g., ^\Q?0\E$ and manipulate...
Authorization Bypass
Spring Data REST is vulnerable to Authorization Bypass. The vulnerability is due to improper enforcement of write-access restrictions in the JSON Patch application/json-patch+json implementation, where intermediate path segments in multi-segment JSON Pointer expressions are not subjected to...