8 matches found
CVE-2026-41852
A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2....
CVE-2026-41852 Spring Framework Arbitrary Method Invocation in SpEL Expressions
A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2....
CVE-2026-41852 Spring Framework Arbitrary Method Invocation in SpEL Expressions
A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2....
EUVD-2026-35340
A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2....
CVE-2026-41852
Summary (CVE-2026-41852) : A vulnerability in Spring Framework’s SpEL evaluation logic allows arbitrary zero-argument method invocations, including in restricted/read-only contexts, potentially invoking unintended application logic. Affected versions : Spring Framework 7.0.0–7.0.7; 6.2.0–6.2.18; ...
PT-2026-47663
A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2....
FreeBSD : mongodb -- MongoDB Server access to non-initialized memory (a9dc3c61-a20f-11f0-91d8-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a9dc3c61-a20f-11f0-91d8-b42e991fc52e advisory. [email protected] reports: MongoDB Server may access non-initialized region of memory leading to unexpect...
SUSE CVE-2006-3672
KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service application crash by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 zero argument...