spring Spring Web Services Vulnerabilities
Spring Spring Web Services vulnerabilities.
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
WSS4J validation does not use configured replay cache
CVE-2026-41000SpringSpring Web Services3.7LOWSpring WS SSRF via unvalidated WS-Addressing reply destinations
CVE-2026-40999SpringSpring Web Services8.6HIGHJaxp13 XPath XXE via StreamSource and SAXSource
CVE-2026-40998SpringSpring Web Services8.2HIGHSOAP security faults leak Spring Security account state
CVE-2026-40997SpringSpring Web Services5.3MEDIUMInbound WS-Security allows RSA PKCS#1 v1.5 key transport by default
CVE-2026-40996SpringSpring Web Services4.8MEDIUMX.509 authentication bypasses Spring Security account checks
CVE-2026-40995SpringSpring Web Services5.4MEDIUMWss4jSecurityInterceptor disables WS-I BSP validation by default
CVE-2026-40994SpringSpring Web Services8.2HIGHSpring Web Services XML External Entity Injection (XXE)
CVE-2019-3773SpringSpring Web Services9.8CRITICAL