Spring Vulnerabilities

149 results
CVE-2026-41006 | HIGH | Spring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configuration | EPSS 0.3%
CVE-2026-41849 | HIGH | Spring Framework Denial of Service via Integer Overflow in SpEL Expressions | EPSS 0.3%
CVE-2026-41696 | MEDIUM | Spring Data MongoDB Bind Parameter Literal Quoting Breakout | EPSS 0.3%
CVE-2026-40972 | HIGH | An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote se | EPSS 0.3%
CVE-2026-41855 | HIGH | Spring Framework Unsafe Deserialization via Jackson JMS Converters | EPSS 0.3%
CVE-2026-41720 | HIGH | Authentication Bypass with Empty Password in Spring LDAP | EPSS 0.3%
CVE-2026-47835 | HIGH | Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores | EPSS 0.3%
CVE-2025-22232 | MEDIUM | Spring Cloud Config Server May Not Use Vault Token Sent By Clients | EPSS 0.3%
CVE-2026-22743 | HIGH | Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore | EPSS 0.3%
CVE-2026-22744 | HIGH | In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, strin | EPSS 0.3%
CVE-2026-22753 | HIGH | Servlet Path Not Correctly Included in Path Matching of HttpSecurity#securityMatchers | EPSS 0.2%
CVE-2026-41840 | MEDIUM | Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests. Affected versions: Spring | EPSS 0.2%
CVE-2026-41727 | MEDIUM | In Spring for Apache Kafka, forged retry topic headers subvert retry routing and backoff behavior | EPSS 0.2%
CVE-2026-40980 | MEDIUM | In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by `ForkPDFLay | EPSS 0.2%
CVE-2026-40994 | HIGH | Wss4jSecurityInterceptor disables WS-I BSP validation by default | EPSS 0.2%
CVE-2026-22747 | MEDIUM | Unauthorized User Impersonation when Using X.509 Client Certificates | EPSS 0.2%
CVE-2026-41697 | MEDIUM | Spring Data Relational Parameter not Escaped for Query By Example LIKE Pattern | EPSS 0.2%
CVE-2026-40985 | MEDIUM | Data Binding Vulnerability in Spring Web Flow with Unified EL Parser | EPSS 0.2%
CVE-2026-40991 | MEDIUM | XML External Entity (XXE) injection when documenting untrusted XML content | EPSS 0.2%
CVE-2026-41000 | LOW | WSS4J validation does not use configured replay cache | EPSS 0.2%