Lucene search

7 matches found

Nuclei
added 15 hours ago, 69 views

Spring Cloud - Remote Code Execution

Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions are susceptible to remote code execution vulnerabilities. When using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and...

9.8 CVSS, 7.6 AI score, 0.99939 EPSS
Exploits 36, References 6

Nuclei
added 15 hours ago, 38 views

Spring Cloud Netflix - Server-Side Request Forgery

Spring Cloud Netflix 2.2.x prior to 2.2.4, 2.1.x prior to 2.1.6, and older unsupported versions are susceptible to server-side request forgery. Applications can use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. An attacke...

6.5 CVSS, 6.8 AI score, 0.10214 EPSS
Exploits 0, References 5

Nuclei
added yesterday, 30 views

Spring Cloud Config - Local File Inclusion

Spring Cloud Config versions 2.2.x prior to 2.2.2, 2.1.x prior to 2.1.7, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. id: CVE-2020-5405 info: name: Spring...

6.5 CVSS, 7 AI score, 0.6876 EPSS
Exploits 0, References 5

Nuclei
added 2026/06/16 7:13 a.m., 30 views

Spring Cloud Config Server - Local File Inclusion

Spring Cloud Config Server versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user or attacker can send a request using a specially crafte...

7.5 CVSS, 6.8 AI score, 0.95586 EPSS
Exploits 3, References 5

vulnersOsv
added 2026/03/20 12:31 a.m., 9 views

cc.chensoul.nacos:nacos-distribution (=2.5.2), com.buession.security:buession-security-spring (>=3.0.0 <=3.0.1) +521 more potentially affected by CVE-2026-22732 via org.springframework.security:spring-security-web (>=5.8.0 <=5.8.16)

org.springframework.security:spring-security-web MAVEN version =5.8.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.12.0, =5.12.0, =1.48.0, =1.48.0, =1.48.0, =2.4.0, =2.4.0, =2.4.0, =4.5.0, =4.5.0, =4.5.1 and more Source cves: CVE-2026-22732 Source advisory: OSV:GHSA-MF92-479X-3373...

9.1 CVSS, 5.8 AI score, 0.0048 EPSS
Exploits 2

vulnersOsv
added 2025/03/20 6:31 a.m., 9 views

cc.chensoul.nacos:nacos-distribution (=2.5.2), cn.sparrowmini:sparrow-org-service (=0.0.1) +618 more potentially affected by CVE-2025-22228 via org.springframework.security:spring-security-crypto (>=5.8.0 <=5.8.16)

org.springframework.security:spring-security-crypto MAVEN version =5.8.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.1 and more Source cves: CVE-2025-22228 Source advisory: OSV:GHSA-MG83-C7GQ-RV5Chttp...

7.4 CVSS, 7.3 AI score, 0.00568 EPSS
Exploits 0

CNVD
added 2021/04/29 12:0 a.m., 4 views

Arbitrary File Read Vulnerability in Novelty House-plus

Novel boutique-plus novel-plus is a multi-end (PC, WAP) reading and original literature CMS system, built on SpringCloud, using MyBatis as the persistence layer. Novel-plus has an arbitrary file read vulnerability that can be exploited by an attacker to read any file in the system...

7 AI score
Exploits 0