Vulnerabilities in Spring
149 results

CVE | Severity | Title | EPSS
CVE-2023-34036 | MEDIUM | Forwarded header exploit with Spring HATEOAS on WebFlux | 0.4%
CVE-2025-22234 | MEDIUM | Spring Security - BCrypt Password Encoder maximum password length breaks timing attack mitigation | 0.4%
CVE-2026-41842 | HIGH | Spring Framework Denial of Service via Versioned Resources in Spring MVC and WebFlux | 0.4%
CVE-2026-41863 | MEDIUM | LLM-influenced filename used unsanitized in Path.resolve before file write in Spring AI support for Anthropic Skills API | 0.4%
CVE-2026-40967 | HIGH | In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector stor | 0.4%
CVE-2026-41729 | HIGH | Spring Data REST SpEL Injection via Map Key in JSON Patch | 0.4%
CVE-2026-22737 | MEDIUM | Spring Framework Improper Path Limitation with Script View Templates | 0.4%
CVE-2026-40999 | HIGH | Spring WS SSRF via unvalidated WS-Addressing reply destinations | 0.4%
CVE-2026-40981 | HIGH | When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentia | 0.4%
CVE-2024-38829 | LOW | Spring LDAP sensitive data exposure for case-sensitive comparisons | 0.4%
CVE-2026-40997 | MEDIUM | SOAP security faults leak Spring Security account state | 0.4%
CVE-2026-41695 | HIGH | Denial of Service in Spring Data Commons Property Path Resolution | 0.4%
CVE-2026-41716 | HIGH | Spring Data web support unbounded negative-result cache keyed on attacker-supplied property names | 0.4%
CVE-2026-41850 | HIGH | Spring Framework Algorithmic Denial of Service via SpEL Expressions | 0.4%
CVE-2026-41851 | MEDIUM | Spring Framework Denial of Service via Unbounded Cache in SpEL | 0.4%
CVE-2023-34047 | LOW | Exposure of data and identity to wrong session in Spring for GraphQL | 0.4%
CVE-2026-22733 | HIGH | Authentication Bypass under Actuator CloudFoundry endpoints | 0.4%
CVE-2025-22235 | HIGH | Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed | 0.4%
CVE-2026-22742 | HIGH | Server-Side Request Forgery in BedrockProxyChatModel via Unvalidated Media URL Fetching | 0.4%
CVE-2026-41705 | HIGH | Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs. Sprin | 0.4%