Lucene search
K
VmwareSpring Framework

65 matches found

CVE
CVE
added 2011/10/04 10:0 a.m.91 views

CVE-2011-2894

CVE-2011-2894 describes insecure deserialization in Spring Framework 3.0.0–3.0.5 and Spring Security 2.0.0–2.0.6 and 3.0.0–3.0.5, where untrusted data can cause remote code execution by deserializing proxies or via exposed internal AOP interfaces (e.g., DefaultListableBeanFactory), enabling arbit...

6.8CVSS8.1AI score0.08532EPSS
CVE
CVE
added 2018/12/19 10:0 p.m.84 views

CVE-2018-15801

CVE-2018-15801 affects Spring Security versions 5.1.x prior to 5.1.2, where an authorization bypass can occur during JWT issuer validation. For exploitation, the same private key must be used by an honest issuer and a malicious user when signing JWTs; a attacker could craft signed tokens with a m...

7.4CVSS5.4AI score0.00653EPSS
CVE
CVE
added 2015/03/10 2:0 p.m.80 views

CVE-2015-0201

The CVE-2015-0201 issue affects the Java SockJS client in Pivotal Spring Framework 4.1.x prior to 4.1.5. The root cause is generation of predictable session IDs, enabling remote attackers to send messages to other sessions through unspecified vectors. Impact is partial confidentiality of session ...

5CVSS6.8AI score0.019EPSS
CVE
CVE
added 2026/06/09 3:50 a.m.75 views

CVE-2026-41840

Spring WebFlux applications are vulnerable to Denial of Service when processing multipart requests. Affected: Spring Framework 7.0.0–7.0.7; 6.2.0–6.2.18; 6.1.0–6.1.27; 5.3.0–5.3.48. CVSSv3.1: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H (base score 5.9, MEDIUM). Exploitation details are not provided in th...

5.9CVSS5.8AI score0.00247EPSS
CVE
CVE
added 2026/06/09 3:51 a.m.70 views

CVE-2026-41849

The CVE-2026-41849 entry affects Spring Framework 5.3.0–5.3.48 and is caused by an integer overflow in the SpEL evaluation logic. Exploitation via a crafted SpEL expression can trigger excessive resource consumption, leading to a Denial of Service. The connected documents specify the vulnerabilit...

7.5CVSS5.5AI score0.00263EPSS
CVE
CVE
added 2026/03/19 11:37 p.m.63 views

CVE-2026-22735

CVE-2026-22735 affects Spring MVC and Spring WebFlux applications via Server-Sent Events (SSE) stream handling. Concrete details in the connected documents show impact on Spring Framework components: Spring Foundation versions 5.3.0–5.3.46, 6.1.0–6.1.25, 6.2.0–6.2.16, and 7.0.0–7.0.5 experience s...

2.6CVSS5.8AI score0.00112EPSS
CVE
CVE
added 2026/06/09 3:50 a.m.63 views

CVE-2026-41845

The CVE-2026-41845 entry affects Spring Framework versions 7.0.0–7.0.7, 6.2.0–6.2.18, 6.1.0–6.1.27, and 5.3.0–5.3.48. The issue stems from incorrect escaping in JavaScriptUtils.javaScriptEscape(), which may allow JavaScript code injection in the browser and enable cross-site scripting (XSS). The ...

7.1CVSS5.3AI score0.00161EPSS
CVE
CVE
added 2026/06/09 3:51 a.m.57 views

CVE-2026-41854

The CVE affects Spring Framework 7.0.0–7.0.7 and 6.2.0–6.2.18, where incorrect host parsing in UriComponentsBuilder may allow a server-side request forgery (SSRF) when parsing an externally provided URL string. The vulnerability is described as an SSRF condition resulting from this parsing flaw. ...

6.5CVSS5.5AI score0.00123EPSS
CVE
CVE
added 2026/06/09 3:50 a.m.54 views

CVE-2026-41843

CVE-2026-41843 affects Spring Framework, specifically Spring MVC and WebFlux, where path traversal can occur when resolving static resources. Affected versions include 7.0.0–7.0.7, 6.2.0–6.2.18, 6.1.0–6.1.27, and 5.3.0–5.3.48. The connected documents confirm the vulnerability class as path traver...

5.9CVSS5.5AI score0.00341EPSS
CVE
CVE
added 2026/06/09 3:50 a.m.51 views

CVE-2026-41844

The CVE-2026-41844 entry concerns Spring Framework components Spring MVC and Spring WebFlux. Affected are Spring Framework versions 7.0.0–7.0.7; 6.2.0–6.2.18; 6.1.0–6.1.27; and 5.3.0–5.3.48. Description: when an application configures a mapping for "/**" and the view name is not explicitly specif...

6.1CVSS5.6AI score0.00134EPSS
CVE
CVE
added 2026/04/29 11:35 a.m.45 views

CVE-2026-22745

The vulnerability is in the Spring Framework’s static resource resolution when serving file-system backed resources in Spring MVC/WebFlux apps on Windows. Affected component: org.springframework:spring-core. Under the conditions that the app uses Spring MVC or Spring WebFlux, serves static resour...

5.3CVSS5.4AI score0.00341EPSS
CVE
CVE
added 2026/06/09 3:50 a.m.44 views

CVE-2026-41846

The CVE concerns Spring Framework: JSP form tag attributes cssClass, cssErrorClass, and cssStyle in Spring MVC applications can be exploited to inject arbitrary HTML/JavaScript, enabling cross-site scripting (XSS). Affected versions are Spring Framework 7.0.0–7.0.7; 6.2.0–6.2.18; 6.1.0–6.1.27; 5....

6.1CVSS5.4AI score0.0014EPSS
CVE
CVE
added 2026/06/09 3:51 a.m.43 views

CVE-2026-41852

The CVE affects Spring Framework via SpEL evaluation allowing arbitrary zero-argument method invocation in restricted/read-only contexts across multiple versions (7.0.0–7.0.7; 6.2.0–6.2.18; 6.1.0–6.1.27; 5.3.0–5.3.48). Root cause is the SpEL evaluation logic, enabling invocation of unintended app...

5.3CVSS5.6AI score0.00164EPSS
CVE
CVE
added 2026/06/09 3:50 a.m.39 views

CVE-2026-41841

CVE-2026-41841 affects Spring Framework versions 5.3.0–5.3.48; 6.1.0–6.1.27; 6.2.0–6.2.18; 7.0.0–7.0.7. It describes Information Disclosure via the static resource cache in Spring MVC and WebFlux when resolving static resources. The root cause and exact exploit path are not detailed in the provid...

5.9CVSS5.5AI score0.00313EPSS
CVE
CVE
added 2026/06/09 3:51 a.m.34 views

CVE-2026-41847

CVE-2026-41847 : Spring Framework WebFlux Kotlin Router DSL may be vulnerable to a security bypass. Affected versions: Spring Framework 5.3.0 through 5.3.48. The CVE records a bypass in WebFlux when using the Kotlin Router DSL, with a CVSS v3.1 base score of 4.8 (Medium). Impact indicators in the...

5.3CVSS5.4AI score0.00166EPSS
Total number of security vulnerabilities65