Spring Latest High & Critical Vulnerabilities
Latest High & Critical vulnerabilities published by Spring
| Title | CVE | Vendor | Product | Score | Severity |
|---|---|---|---|---|---|
| Spring HATEOAS heap exhaustion through unbounded internal caching | CVE-2026-41007 | Spring | Spring Hateoas | 7.5 | HIGH |
| Spring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configuration | CVE-2026-41006 | Spring | Spring Hateoas | 7.5 | HIGH |
| Spring Framework Unsafe Deserialization via Jackson JMS Converters | CVE-2026-41855 | Spring | Spring Framework | 8.1 | HIGH |
| Spring Framework Algorithmic Denial of Service via SpEL Expressions | CVE-2026-41850 | Spring | Spring Framework | 7.5 | HIGH |
| Spring Framework Denial of Service via Integer Overflow in SpEL Expressions | CVE-2026-41849 | Spring | Spring Framework | 7.5 | HIGH |
| Spring Framework Cross-site Scripting via JavaScriptUtils | CVE-2026-41845 | Spring | Spring Framework | 7.1 | HIGH |
| Spring Framework Denial of Service via Versioned Resources in Spring MVC and WebFlux | CVE-2026-41842 | Spring | Spring Framework | 7.5 | HIGH |
| Authentication Bypass with Empty Password in Spring LDAP | CVE-2026-41720 | Spring | Spring Ldap | 7.4 | HIGH |
| Micrometer HTTP server instrumentations DoS vulnerability | CVE-2026-40984 | Spring | Micrometer | 7.5 | HIGH |
| Micrometer gRPC server instrumentation DoS vulnerability | CVE-2026-40983 | Spring | Micrometer | 7.5 | HIGH |
| Security Flaw in mcp-security Framework for Spring AI Affects OAuth Implementations | CVE-2026-45609 | Spring-ai-community | Mcp-security | 7.2 | HIGH |
| Spring AI's MilvusVectorStore Vulnerable to Injection Attacks | CVE-2026-41705 | Spring | Spring Ai | 8.6 | HIGH |
| Remote Code Execution Vulnerability in Spring Cloud Config by Google | CVE-2026-40981 | Spring | Spring Cloud Config | 7.5 | HIGH |
| TOCTOU Vulnerability in Spring Cloud Config Server by VMware | CVE-2026-41002 | Spring | Spring Cloud Config | 7.4 | HIGH |
| Directory Traversal Vulnerability in Spring Cloud Config by Pivotal | CVE-2026-40982 | Spring | Spring Cloud Config | 9.1 | CRITICAL |
| SQL Injection Vulnerability in Spring AI's CosmosDBVectorStore | CVE-2026-40978 | Spring | Spring Ai | 8.8 | HIGH |
| Spring AI Vulnerability in Various FilterExpressionConverter Implementations | CVE-2026-40967 | Spring | Spring Ai | 8.6 | HIGH |
| Web Security Flaw in Spring Boot Affects Servlet-Based Applications | CVE-2026-40976 | Spring | Spring Boot | 9.1 | CRITICAL |
| Local Directory Vulnerability in Spring Boot Products | CVE-2026-40973 | Spring | Spring Boot | 7 | HIGH |
| Timing Attack Vulnerability in Spring Boot by Pivotal Software | CVE-2026-40972 | Spring | Spring Boot | 7.5 | HIGH |
| Authorization Bypass in Spring Security Affects Spring Framework | CVE-2026-22754 | Spring | Spring Security | 7.5 | HIGH |
| Security Vulnerability in Spring Security from Spring Framework | CVE-2026-22753 | Spring | Spring Security | 7.5 | HIGH |
| Security Flaw in Spring AI Redis Store Affects Tag Field Processing | CVE-2026-22744 | Spring | Spring Ai | 7.5 | HIGH |
| Cypher Injection Vulnerability in Spring AI's Neo4j Store | CVE-2026-22743 | Spring | Spring Ai | 7.5 | HIGH |
| Server-Side Request Forgery Vulnerability in Spring AI's Bedrock Proxy Chat Model | CVE-2026-22742 | Spring | Spring Ai | 8.6 | HIGH |