Lucene search
K

364799 matches found

NVD
NVD
•added 2026/06/10 12:16 a.m.•11 views

CVE-2026-41714

Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri"amqps://..." without also calling setUseSSLtrue get TLS encryption with no certificate validation and no hostname verification. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1....

4CVSS0.00132EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 12:16 a.m.•19 views

CVE-2026-41701

Correlation IDs for replies in the RabbitTemplate.sendAndReceive with the fixed reply queue are predictable due to internal simple counter. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17...

4.4CVSS0.00173EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 12:16 a.m.•16 views

CVE-2026-41719

A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. Affected versions: Spring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5; 3.5.0 through...

6.4CVSS0.00202EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 12:16 a.m.•19 views

CVE-2026-41706

Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in the cookie and is us...

6.1CVSS0.00211EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 12:16 a.m.•15 views

CVE-2026-41721

Spring Data Commons contains a vulnerability that can lead to a Denial of Service DoS condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lo...

5.9CVSS0.00331EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 12:16 a.m.•21 views

CVE-2026-41694

Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle. Affected versions: Spring Security 5.7.0...

5.3CVSS0.00137EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 12:16 a.m.•16 views

CVE-2026-41003

An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters. Affected versions: Spring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10;...

7.6CVSS0.00204EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 12:16 a.m.•18 views

CVE-2026-40993

An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository saml2assertingpartymetadata may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials verificationcredentials and...

7.3CVSS0.00198EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 12:16 a.m.•15 views

CVE-2026-41697

Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher STARTING, ENDING, or CONTAINING in Query By Example QBE. An attacker can supply wildcard characters to perform boolean-based blind data inference. Affected versions: Spring Data...

4.8CVSS0.00227EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 12:16 a.m.•16 views

CVE-2026-41008

Spring Security Authorization Server's authorization endpoint performs insufficient validation of the requesturi parameter. An attacker can craft a malicious authorization request containing an invalid requesturi and an arbitrary, unvalidated redirecturi, which can lead to an Open Redirect...

6.1CVSS0.00172EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 12:16 a.m.•19 views

CVE-2026-40991

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...

5.9CVSS0.00223EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 12:16 a.m.•16 views

CVE-2026-41696

Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring Data MongoDB 5.0.0...

5.9CVSS0.00262EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 12:16 a.m.•34 views

CVE-2026-41695

Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through...

7.5CVSS0.00363EPSS
Exploits0References1
NVD
NVD
•added 2026/06/10 12:16 a.m.•23 views

CVE-2026-40988

An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory. Affected versions: Spring Security 5.7.0 through 5.7.23;...

7.5CVSS0.00331EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 11:17 p.m.•12 views

CVE-2026-9754

An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command...

7.1CVSS0.00224EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 11:17 p.m.•12 views

CVE-2026-9747

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...

7.1CVSS0.0027EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 11:17 p.m.•15 views

CVE-2026-9753

The $internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command...

8.1CVSS0.00298EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 11:17 p.m.•13 views

CVE-2026-9748

The $internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines...

7.1CVSS0.00323EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 11:17 p.m.•17 views

CVE-2026-9751

The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text...

6.8CVSS0.00109EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 11:17 p.m.•11 views

CVE-2026-9750

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...

7.1CVSS0.00368EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 11:17 p.m.•14 views

CVE-2026-9749

This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer that is, many results are routed to the same consumer,...

7.1CVSS0.0027EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 11:17 p.m.•15 views

CVE-2026-9752

An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not...

7.1CVSS0.0027EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 11:17 p.m.•10 views

CVE-2026-9742

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product...

8.2CVSS0.00347EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 11:17 p.m.•15 views

CVE-2026-9735

MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written to the log without redaction...

6.8CVSS0.00119EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 11:17 p.m.•26 views

CVE-2026-9746

When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...

7.1CVSS0.0027EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 11:17 p.m.•21 views

CVE-2026-9740

A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions,...

8.7CVSS0.00345EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 11:17 p.m.•13 views

CVE-2026-9743

In MongoDB Server 8.0, an aggregation stage can leave its subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may dereference this null sub-pipeline when reattaching to the operation context, accessing an invalid addres...

7.1CVSS0.00307EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 11:17 p.m.•11 views

CVE-2026-9741

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...

7.1CVSS0.00103EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 11:16 p.m.•11 views

CVE-2026-46433

lldpd is an implementation of IEEE 802.1ab LLDP. Prior to version 1.0.22, lldpddecode in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling memmove to shift the frame payload 4 bytes left. The third argument byte count is s - 2 ETHERADDRLEN but should be s - 2...

6.5CVSS0.00225EPSS
Exploits0References4
NVD
NVD
•added 2026/06/09 11:16 p.m.•15 views

CVE-2026-46374

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to...

7.5CVSS0.00263EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 11:16 p.m.•16 views

CVE-2026-46373

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive nesting to any...

7.5CVSS0.00263EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 11:16 p.m.•11 views

CVE-2026-44963

A vulnerability allowing remote code execution RCE on the Backup Server by an authenticated domain user...

9.4CVSS0.02042EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 11:16 p.m.•9 views

CVE-2026-10238

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
NVD
NVD
•added 2026/06/09 10:16 p.m.•17 views

CVE-2026-47902

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this iss...

6.2CVSS0.00153EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 10:16 p.m.•15 views

CVE-2026-47905

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this iss...

6.2CVSS0.00153EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 10:16 p.m.•14 views

CVE-2026-47903

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user...

6.2CVSS0.00153EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 10:16 p.m.•18 views

CVE-2026-47904

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this iss...

6.2CVSS0.00153EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 10:16 p.m.•13 views

CVE-2026-34711

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require...

7.5CVSS0.0043EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 10:16 p.m.•14 views

CVE-2026-34712

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user...

7.5CVSS0.00407EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 10:16 p.m.•28 views

CVE-2026-34713

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this iss...

7.5CVSS0.00407EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 10:16 p.m.•10 views

CVE-2026-34417

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is URL-decoded and assigned to...

6.1CVSS0.00168EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 10:16 p.m.•13 views

CVE-2026-25860

OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with...

6.1CVSS0.00293EPSS
Exploits1References3
NVD
NVD
•added 2026/06/09 10:16 p.m.•14 views

CVE-2026-34657

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in an arbitrary file system write. An attacker could leverage this vulnerability to write to...

5.5CVSS0.00178EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 9:17 p.m.•13 views

CVE-2026-48291

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00281EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 9:17 p.m.•11 views

CVE-2026-48303

Adobe Campaign Classic ACC versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.00553EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 9:17 p.m.•9 views

CVE-2026-48292

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00281EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 9:17 p.m.•10 views

CVE-2026-47959

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

7.8CVSS0.00174EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 9:17 p.m.•10 views

CVE-2026-47955

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00165EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 9:17 p.m.•14 views

CVE-2026-47960

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended...

7.4CVSS0.00406EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 9:17 p.m.•14 views

CVE-2026-47961

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interacti...

5.5CVSS0.00154EPSS
Exploits0References1
Total number of security vulnerabilities364799