Vulnerabilities in Spring
149 results

CVE-2026-22751 | MEDIUM | Spring Security JdbcOneTimeTokenService allows a one-time token to authenticate multiple sessions | EPSS 0.1%
CVE-2024-38807 | MEDIUM | CVE-2024-38807: Signature Forgery Vulnerability in Spring Boot's Loader | EPSS 0.1%
CVE-2026-40992 | MEDIUM | Mail Auto-Configuration Does Not Enable SSL Hostname Verification | EPSS 0.1%
CVE-2026-41854 | MEDIUM | Spring Framework Server-Side Request Forgery via UriComponentsBuilder | EPSS 0.1%
CVE-2026-47838 | MEDIUM | Unauthorized User Impersonation when Using X.509 Client Certificates | EPSS 0.1%
CVE-2026-40977 | MEDIUM | When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write access to the PID file's location can corru | EPSS 0.1%
CVE-2026-22735 | LOW | Server Sent Event stream corruption | EPSS 0.1%
CVE-2026-40979 | MEDIUM | In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 | EPSS 0.1%
CVE-2026-41001 | MEDIUM | Predictable Temp Directory in Artemis Auto-configuration | EPSS 0.1%