Spring Latest Vulnerabilities
Latest vulnerabilities published by Spring
| Vulnerability | CVE | Vendor | Product | Score | Severity |
| --- | --- | --- | --- | --- | --- |
| Spring HATEOAS heap exhaustion through unbounded internal caching | CVE-2026-41007 | Spring | Spring Hateoas | 7.5 | HIGH |
| Spring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configuration | CVE-2026-41006 | Spring | Spring Hateoas | 7.5 | HIGH |
| Spring Framework Unsafe Deserialization via Jackson JMS Converters | CVE-2026-41855 | Spring | Spring Framework | 8.1 | HIGH |
| Spring Framework Server-Side Request Forgery via UriComponentsBuilder | CVE-2026-41854 | Spring | Spring Framework | 4.2 | MEDIUM |
| Spring Framework Multipart Request Smuggling in Spring MVC and WebFlux | CVE-2026-41853 | Spring | Spring Framework | 5.3 | MEDIUM |
| Spring Framework Arbitrary Method Invocation in SpEL Expressions | CVE-2026-41852 | Spring | Spring Framework | 3.7 | LOW |
| Spring Framework Denial of Service via Unbounded Cache in SpEL | CVE-2026-41851 | Spring | Spring Framework | 5.3 | MEDIUM |
| Spring Framework Algorithmic Denial of Service via SpEL Expressions | CVE-2026-41850 | Spring | Spring Framework | 7.5 | HIGH |
| Spring Framework Denial of Service via Integer Overflow in SpEL Expressions | CVE-2026-41849 | Spring | Spring Framework | 7.5 | HIGH |
| Spring Framework Denial of Service via AntPathMatcher | CVE-2026-41848 | Spring | Spring Framework | 3.7 | LOW |
| Spring Framework Security Filter Bypass in WebFlux Kotlin Router DSL | CVE-2026-41847 | Spring | Spring Framework | 4.8 | MEDIUM |
| Spring Framework Cross-site Scripting via JSP Form Tags | CVE-2026-41846 | Spring | Spring Framework | 5.9 | MEDIUM |
| Spring Framework Cross-site Scripting via JavaScriptUtils | CVE-2026-41845 | Spring | Spring Framework | 7.1 | HIGH |
| Spring Framework Open Redirect in Spring MVC and WebFlux | CVE-2026-41844 | Spring | Spring Framework | 4.2 | MEDIUM |
| Spring Framework Path Traversal via Versioned Static Resources in Spring MVC and WebFlux | CVE-2026-41843 | Spring | Spring Framework | 5.9 | MEDIUM |
| Spring Framework Denial of Service via Versioned Resources in Spring MVC and WebFlux | CVE-2026-41842 | Spring | Spring Framework | 7.5 | HIGH |
| Spring Framework Information Disclosure via Static Resource Cache in Spring MVC and WebFlux | CVE-2026-41841 | Spring | Spring Framework | 5.9 | MEDIUM |
| Spring Framework Denial of Service via Multipart Requests in WebFlux | CVE-2026-41840 | Spring | Spring Framework | 5.9 | MEDIUM |
| Spring Framework Escalation via Session Fixation in WebFlux | CVE-2026-41839 | Spring | Spring Framework | 4.2 | MEDIUM |
| Spring Framework Predictable Session ID in WebSocket Module | CVE-2026-41838 | Spring | Spring Framework | 4.8 | MEDIUM |
| Authentication Bypass with Empty Password in Spring LDAP | CVE-2026-41720 | Spring | Spring Ldap | 7.4 | HIGH |
| Reactor Netty HTTP Client Leaks Credentials On Protocol Downgrade Redirect | CVE-2026-41715 | Spring | Reactor Netty | 6.1 | MEDIUM |
| Cache Exhaustion in Stateful Retries leads to Denial of Service | CVE-2026-41710 | Spring | Spring Retry | 5.9 | MEDIUM |
| Micrometer HTTP server instrumentations DoS vulnerability | CVE-2026-40984 | Spring | Micrometer | 7.5 | HIGH |
| Micrometer gRPC server instrumentation DoS vulnerability | CVE-2026-40983 | Spring | Micrometer | 7.5 | HIGH |