Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-50201 |
|
Privilege Escalation in Steeltoe.Management.Endpoint (CVE-2026-50201)
vulnerability in Steeltoe.Management.Endpoint (CVE-2026-50201). Confidential information can be exposed externally. Exploitable via ``EndpointPermissions.Restricted``. Mitigation: upgrade to `4.2.0` or later.
|
| CVE-2026-47835 |
|
Vulnerability in CVE-2026-47835 (CVE-2026-47835)
vulnerability in CVE-2026-47835 (CVE-2026-47835). Confidential information can be exposed externally.
|
| CVE-2026-41708 |
|
Vulnerability in dos (CVE-2026-41708)
vulnerability in dos (CVE-2026-41708). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41001 |
|
Vulnerability in spring (CVE-2026-41001)
vulnerability in spring (CVE-2026-41001). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40992 |
|
Vulnerability in spring (CVE-2026-40992)
vulnerability in spring (CVE-2026-40992). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41855 |
|
Unsafe Deserialization in spring (CVE-2026-41855)
vulnerability in spring (CVE-2026-41855). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41854 |
|
SSRF (Server-Side Request Forgery) in spring (CVE-2026-41854)
SSRF in spring (CVE-2026-41854). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41853 |
|
Vulnerability in spring (CVE-2026-41853)
vulnerability in spring (CVE-2026-41853). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41852 |
|
Authorization Flaw in spring (CVE-2026-41852)
vulnerability in spring (CVE-2026-41852). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41851 |
|
Vulnerability in spring (CVE-2026-41851)
vulnerability in spring (CVE-2026-41851). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41850 |
|
Vulnerability in spring (CVE-2026-41850)
vulnerability in spring (CVE-2026-41850). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41849 |
|
Vulnerability in spring (CVE-2026-41849)
vulnerability in spring (CVE-2026-41849). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41842 |
|
Vulnerability in spring (CVE-2026-41842)
vulnerability in spring (CVE-2026-41842). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41848 |
|
Vulnerability in spring (CVE-2026-41848)
vulnerability in spring (CVE-2026-41848). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41847 |
|
Vulnerability in spring (CVE-2026-41847)
vulnerability in spring (CVE-2026-41847). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41846 |
|
Cross-Site Scripting (XSS) in spring (CVE-2026-41846)
cross-site scripting in spring (CVE-2026-41846). Confidential information can be exposed externally.
|
| CVE-2026-41845 |
|
Cross-Site Scripting (XSS) in spring (CVE-2026-41845)
cross-site scripting in spring (CVE-2026-41845). Confidential information can be exposed externally.
|
| CVE-2026-41844 |
|
Open Redirect in spring (CVE-2026-41844)
vulnerability in spring (CVE-2026-41844). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41843 |
|
Path Traversal in spring (CVE-2026-41843)
path traversal in spring (CVE-2026-41843). Confidential information can be exposed externally.
|
| CVE-2026-41841 |
|
Vulnerability in spring (CVE-2026-41841)
vulnerability in spring (CVE-2026-41841). Confidential information can be exposed externally.
|
| CVE-2026-41840 |
|
Vulnerability in spring (CVE-2026-41840)
vulnerability in spring (CVE-2026-41840). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41839 |
|
Vulnerability in spring (CVE-2026-41839)
vulnerability in spring (CVE-2026-41839). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41838 |
|
Vulnerability in spring (CVE-2026-41838)
vulnerability in spring (CVE-2026-41838). Confidential information can be exposed externally.
|
| CVE-2026-44308 |
|
Vulnerability in io.awspring.cloud:spring-cloud-aws-sns (CVE-2026-44308)
vulnerability in io.awspring.cloud:spring-cloud-aws-sns (CVE-2026-44308). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45091 |
|
Information Disclosure in sealed-env (CVE-2026-45091)
vulnerability in sealed-env (CVE-2026-45091). Confidential information can be exposed externally. Mitigation: upgrade to `0.1.0-alpha.4` or later.
|
| CVE-2026-40976 |
|
Vulnerability in org.springframework.boot:spring-boot (CVE-2026-40976)
vulnerability in org.springframework.boot:spring-boot (CVE-2026-40976). Confidential information can be exposed externally. Mitigation: upgrade to `4.0.6` or later.
|
| CVE-2026-40975 |
|
Vulnerability in spring (CVE-2026-40975)
vulnerability in spring (CVE-2026-40975). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40974 |
|
Vulnerability in spring (CVE-2026-40974)
vulnerability in spring (CVE-2026-40974). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40971 |
|
Vulnerability in spring (CVE-2026-40971)
vulnerability in spring (CVE-2026-40971). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40970 |
|
Vulnerability in spring (CVE-2026-40970)
vulnerability in spring (CVE-2026-40970). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-11226 |
|
Vulnerability in spring (CVE-2025-11226)
vulnerability in spring (CVE-2025-11226). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-8046 |
|
Vulnerability in spring (CVE-2017-8046)
vulnerability in spring (CVE-2017-8046). Successful exploitation can lead to full system takeover.
|
| CVE-2016-5007 |
|
Vulnerability in spring (CVE-2016-5007)
vulnerability in spring (CVE-2016-5007). Data can be tampered with by attackers.
|
| CVE-2015-5211 |
|
Vulnerability in spring (CVE-2015-5211)
vulnerability in spring (CVE-2015-5211). Successful exploitation can lead to full system takeover.
|
| CVE-2014-0225 |
|
XXE (XML External Entity) in spring (CVE-2014-0225)
vulnerability in spring (CVE-2014-0225). Successful exploitation can lead to full system takeover.
|