Spring: Latest High & Critical Vulnerabilities
Latest High & Critical vulnerabilities published by Spring
| CVE | Vendor | Product | EPSS | Score | Severity | Title |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2025-22235 | Spring | Spring Boot | | 7.3 | HIGH | Null Endpoint Exposure Vulnerability in Spring Security Framework |
| CVE-2025-22228 | Spring | Spring Security | | 7.4 | HIGH | Password Validation Flaw in Spring Framework Affects BCryptPasswordEncoder |
| CVE-2024-38821 | Spring | Spring | | 9.1 | CRITICAL | Bypassing Authorization Rules in Spring WebFlux Applications |
| CVE-2024-38816 | Spring | Spring | 92% | 7.5 | HIGH | Spring WebApplications Vulnerable to Path Traversal Attacks |
| CVE-2024-38810 | Spring | Spring Security | | 7.5 | HIGH | Missing Authorization Vulnerability in Spring Security 6.3.0 and 6.3.1 |
| CVE-2024-37084 | Spring | Spring Cloud Data Flow | 72% | 8.8 | HIGH | Malicious File Write Vulnerability in Spring Cloud Data Flow Skipper Prior to 2.11.4 |
| CVE-2024-22271 | Spring By Vmware ... | Spring Cloud Function ... | | 8.2 | HIGH | Spring Cloud Function Web DOS Vulnerability |
| CVE-2024-22263 | Spring By Vmware ... | Spring Cloud Skipper | 67% | 8.8 | HIGH | Malicious File Write Vulnerability in Skipper Server |
| CVE-2024-22262 | Spring | Spring Framework | | 8.1 | HIGH | Spring UriComponentsBuilder Vulnerability: Open Redirect and SSRF Risks |
| CVE-2024-22259 | Spring | Spring Framework | 13% | 8.1 | HIGH | Spring Framework UriComponentsBuilder Vulnerability |
| CVE-2024-22243 | Spring | Spring Framework | 41% | 8.1 | HIGH | Potential Open Redirect Vulnerability in UriComponentsBuilder |
| CVE-2024-22234 | Spring | Spring Security | | 7.4 | HIGH | Broken Access Control Vulnerability in Spring Security |
| CVE-2024-22233 | Spring | Spring Framework | | 7.5 | HIGH | Possible Denial-of-Service (DoS) Vulnerability in Spring Framework Versions 6.0.15 and 6.1.2 |
| CVE-2023-34054 | Spring | Reactor Netty | | 7.5 | HIGH | Reactor Netty HTTP Server Metrics DoS Vulnerability |
| CVE-2023-34053 | Spring | Spring Framework | | 7.5 | HIGH | Spring Framework server Web Observations DoS Vulnerability |
| CVE-2020-5421 | Spring By Vmware | Spring Framework | 56% | 8.7 | HIGH | RFD Protection Bypass via jsessionid |
| CVE-2020-5413 | Spring By Vmware | Spring Integration | | 9.8 | CRITICAL | Kryo Configuration Allows Code Execution with Unknown "Serialization Gadgets" |
| CVE-2020-5411 | Spring By Vmware | Spring Batch | | 8.1 | HIGH | Jackson Configuration Allows Code Execution with Unknown "Serialization Gadgets" |
| CVE-2020-5410 | Spring By Vmware | Spring Cloud Config | 94% | 7.5 | HIGH | Directory Traversal with spring-cloud-config-server |
| CVE-2020-5407 | Spring By Vmware | Spring Security | | 8.8 | HIGH | Signature Wrapping Vulnerability with spring-security-saml2-service-provider |
| CVE-2020-5398 | Spring | Spring Framework | 90% | 8 | HIGH | RFD Attack via "Content-Disposition" Header Sourced from Request Input by Spring MVC or Spring WebFlux Application |
| CVE-2019-11272 | Spring | Spring Security | | 7.3 | HIGH | PlaintextPasswordEncoder authenticates encoded passwords that are null |
| CVE-2019-3774 | Spring | Spring Batch | | 9.8 | CRITICAL | Spring Batch XML External Entity Injection (XXE) |
| CVE-2019-3772 | Spring | Spring Integration | | 9.8 | CRITICAL | Spring Integration XML External Entity Injection (XXE) |
| CVE-2019-3773 | Spring | Spring Web Services | | 9.8 | CRITICAL | Spring Web Services XML External Entity Injection (XXE) |