Where
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how spring compares to other vendors in security performance

View Risk Score →

VMware Spring AiChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage

Risk 43
Severity
7.5
First published (updated )
CVE-2026-41712

VMware Spring Cloud ConfigThe base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server…

Risk 75
Severity
8.1
First published (updated )
CVE-2026-41002

Spring Spring gRPCSpring gRPC AuthenticationException message reflected to remote client

Risk 27
Severity
5.3
First published (updated )
CVE-2026-40969

Spring Spring gRPCSpring gRPC SecurityContext leaks across requests on authorization failure

Risk 79
Severity
8.8
First published (updated )
CVE-2026-40968

VMware Spring AiIn Spring AI, having access to a shared environment can expose the ONNX model used by the applicatio…

Risk 41
Severity
6.1
First published (updated )
CVE-2026-40979
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

VMware Spring BootA local attacker on the same host as the application may be able to take control of the directory us…

Risk 63
Severity
7
First published (updated )
CVE-2026-40973

Spring Spring Securityervlet Path Not Correctly Included in Path Matching of XML Authorization Rules

Risk 43
Severity
7.5
First published (updated )
CVE-2026-22754

Spring Spring SecurityServlet Path Not Correctly Included in Path Matching of HttpSecurity#securityMatchers

Risk 43
Severity
7.5
First published (updated )
CVE-2026-22753

VMware Spring SecurityPotential Security Misconfiguration when Using withIssuerLocation

Risk 38
Severity
6.5
First published (updated )
CVE-2026-22748

Spring Spring SecurityUnauthorized User Impersonation when Using X.509 Client Certificates

Risk 60
Severity
8.1
First published (updated )
CVE-2026-22747
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

VMware Spring SecurityUser Attribute Enumeration when Using DaoAuthenticationProvider

Risk 20
Severity
3.7
First published (updated )
CVE-2026-22746

VMware Spring SecuritySpring Security JdbcOneTimeTokenService allows a one-time token to authenticate multiple sessions

Risk 32
Severity
4.8
First published (updated )
CVE-2026-22751

VMware Spring AiSpEL Injection via Unescaped Filter Key in SimpleVectorStore Leads to Remote Code Execution

Risk 86
Severity
9.8
First published (updated )
CVE-2026-22738

Spring Spring BootSpring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2449290

CVE-2026-22729: JSONPath Injection in Spring AI’s PgVectorStore

First published (updated )
Social
reddit
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

CVE-2026-22730: SQL Injection in Spring AI’s MariaDB Vector Store

First published (updated )
Social
reddit

maven/org.springframework.ai:spring-ai-vector-storeJSONPath Injection in Spring AI Vector Stores FilterExpressionConverter

Risk 51
Severity
8.6
First published (updated )
CVE-2026-22729

Spring SpringBladeIncorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-…

Risk 82
Severity
9.9
First published (updated )
CVE-2025-70983

maven/org.springframework.security:spring-security-coreSpring Security - BCrypt Password Encoder maximum password length breaks timing attack mitigation

Risk 28
Severity
5.3
First published (updated )
CVE-2025-22234

Spring Cloud Gateway Server WebfluxSpring Cloud Gateway Webflux SpEL Injection Vulnerability Allowing Exposure of Environment Variables

Risk 43
Severity
7.5
First published (updated )
CVE-2025-41253
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

maven/org.springframework.cloud:spring-cloud-gateway-server-webfluxSpring Expression Language property modification using Spring Cloud Gateway Server WebFlux

Risk 87
Severity
10
First published (updated )
CVE-2025-41243

Spring FrameworkThe Spring Framework annotation detection mechanism may not correctly resolve annotations on methods…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2395725

maven/org.springframework:spring-coreSpring Framework Annotation Detection Vulnerability

Risk 43
Severity
7.5
First published (updated )
CVE-2025-41249

maven/org.springframework.security:spring-security-coreSpring Security authorization bypass for method security annotations on parameterized types

Risk 43
Severity
7.5
First published (updated )
CVE-2025-41248

maven/org.springframework:spring-webmvcPath traversal vulnerability on non-compliant Servlet containers

Risk 35
Severity
5.9
First published (updated )
CVE-2025-41242
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

maven/org.springframework.cloud:spring-cloud-gateway-serverSpring Cloud Gateway Server Forwards Headers from Untrusted Proxies

Risk 49
Severity
8.6
First published (updated )
CVE-2025-41235

maven/org.springframework:spring-contextSpring Framework DataBinder Case Sensitive Match Exception

Risk 17
Severity
3.1
First published (updated )
CVE-2025-22233

maven/org.springframework.boot:spring-bootSpring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed

Risk 51
Severity
7.3
First published (updated )
CVE-2025-22235

Spring Cloud ConfigSpring Cloud Config Server May Not Use Vault Token Sent By Clients

Risk 27
Severity
5.3
First published (updated )
CVE-2025-22232

Spring Spring SecurityBCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2353507
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203