Vulnerabilities in Spring

149 results
CVE-2023-34055 | MEDIUM | Spring Boot server Web Observations DoS Vulnerability | EPSS 1.2%
CVE-2024-22262 | HIGH | CVE-2024-22262: Spring Framework URL Parsing with Host Validation | EPSS 1.2%
CVE-2023-34053 | MEDIUM | Spring Framework server Web Observations DoS Vulnerability | EPSS 1.1%
CVE-2019-3797 | LOW | Additional information exposure with Spring Data JPA derived queries | EPSS 1.1%
CVE-2024-22233 | HIGH | CVE-2024-22233: Spring Framework server Web DoS Vulnerability | EPSS 1.0%
CVE-2023-34054 | MEDIUM | Reactor Netty HTTP Server Metrics DoS Vulnerability | EPSS 0.9%
CVE-2026-22738 | CRITICAL | SpEL Injection via Unescaped Filter Key in SimpleVectorStore Leads to Remote Code Execution | EPSS 0.8%
CVE-2026-40982 | CRITICAL | Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious | EPSS 0.8%
CVE-2024-38828 | MEDIUM | CVE-2024-38828: DoS via Spring MVC controller method with byte[] parameter | EPSS 0.7%
CVE-2024-22234 | HIGH | CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated | EPSS 0.7%
CVE-2025-22228 | HIGH | CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length | EPSS 0.6%
CVE-2024-38808 | MEDIUM | CVE-2024-38808: Spring Expression DoS Vulnerability | EPSS 0.5%
CVE-2024-22258 | MEDIUM | CVE-2024-22258: PKCE Downgrade in Spring Authorization Server | EPSS 0.5%
CVE-2025-41232 | CRITICAL | CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods | EPSS 0.5%
CVE-2026-22718 | MEDIUM | Command injection vulnerability | EPSS 0.5%
CVE-2025-22223 | MEDIUM | Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an auth | EPSS 0.5%
CVE-2024-38810 | MEDIUM | Missing Authorization When Using @AuthorizeReturnObject | EPSS 0.4%
CVE-2026-41699 | HIGH | Unsafe Deserialization in Spring GraphQL | EPSS 0.4%
CVE-2026-40984 | HIGH | Micrometer HTTP server instrumentations DoS vulnerability | EPSS 0.4%
CVE-2026-40976 | CRITICAL | In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an applicatio | EPSS 0.4%