Lucene search
+L
VmwareSpring Boot3.3.0

6 matches found

CVE
CVE
added 2026/04/27 11:29 p.m.165 views

CVE-2026-40973

The CVE-2026-40973 issue affects Spring Boot versions 4.x (4.0.0–4.0.5 with fix in 4.0.6), 3.5.x (3.5.0–3.5.13 with fix 3.5.14), 3.4.x (3.4.0–3.4.15 with fix 3.4.16), 3.3.x (3.3.0–3.3.18 with fix 3.3.19), and 2.7.x (2.7.0–2.7.32 with fix 2.7.33). The vulnerability stems from the ApplicationTemp m...

7CVSS5.5AI score0.00136EPSS
CVE
CVE
added 2026/03/19 11:29 p.m.70 views

CVE-2026-22733

Summary of CVE-2026-22733 : Affected are Spring Boot applications using Actuator with a misconfigured endpoint under the CloudFoundry Actuator path. The issue is described as an Authentication Bypass in several Spring Security versions (2.7.0–2.7.31, 3.3.0–3.3.17, 3.4.0–3.4.14, 3.5.0–3.5.11, 4.0....

8.2CVSS5.8AI score0.0036EPSS
CVE
CVE
added 2026/04/27 11:15 p.m.55 views

CVE-2026-40972

The CVE-2026-40972 involves a Timing Attack on the DevTools remote secret comparison in Spring Boot. An attacker on the same network can measure timing differences when the remote secret is compared, enabling character-by-character deduction of the secret. In extreme cases this could allow upload...

7.5CVSS6.3AI score0.00262EPSS
CVE
CVE
added 2026/04/27 11:31 p.m.46 views

CVE-2026-40974

CVE-2026-40974 affects Spring Boot’s Cassandra SSL auto-configuration: hostname verification is not performed when establishing SSL to Cassandra. Affected ranges include Spring Boot 4.0.0–4.0.5 (fix in 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), and 2....

9.8CVSS5.2AI score0.00182EPSS
CVE
CVE
added 2026/04/27 11:32 p.m.41 views

CVE-2026-40975

CVE-2026-40975 describes use of a cryptographically weak PRNG for Spring Boot’s random value property source (e.g., ${random.value}, ${random.int}, ${random.long}) used for secrets. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (...

8.2CVSS5.2AI score0.00312EPSS
CVE
CVE
added 2026/04/27 11:36 p.m.35 views

CVE-2026-40977

The CVE affects Spring Boot’s ApplicationPidFileWriter PID-file handling. A local attacker with write access to the PID-file location can clobber a host file on each startup. Affected versions include Spring Boot 4.0.0–4.0.5 (fixed in 4.0.6), 3.5.0–3.5.13 (fixed in 3.5.14), 3.4.0–3.4.15 (fixed in...

6.7CVSS5.3AI score0.00112EPSS