| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-6108 | hansonwang99 Spring-Boot-In-Action File Upload ImageUploadService.java watermarkTest path traversal | hansonwang99 | Spring-Boot-In-Action | Medium | 6.3 | 2025-06-16 05:31:05 | Deep Dive |
| CVE-2025-4511 | vector4wang spring-boot-quick quick-img2txt Img2TxtController.java ResponseEntity path traversal | vector4wang | spring-boot-quick | Medium | 6.3 | 2025-05-10 18:31:05 | Deep Dive |
| CVE-2025-4175 | AlanBinu007 Spring-Boot-Advanced-Projects Upload Profile API Endpoint UserProfileController.java uploadUserProfileImage path traversal | AlanBinu007 | Spring-Boot-Advanced-Projects | Medium | 6.3 | 2025-05-01 20:31:04 | Deep Dive |
| CVE-2025-22235 | Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed | Spring | Spring Boot | High | 7.3 | 2025-04-28 07:10:35 | Deep Dive |
| CVE-2025-2240 | Smallrye-fault-tolerance: smallrye fault tolerance | - | - | High | 7.5 | 2025-03-12 14:55:16 | Deep Dive |
| CVE-2023-4639 | Undertow: cookie smuggling/spoofing | Red Hat | Migration Toolkit for Runtimes 1 on RHEL 8 | High | 7.4 | 2024-11-17 10:21:45 | Deep Dive |
| CVE-2023-1932 | Hibernate-validator: rendering of invalid html with safehtml leads to html injection and xss | Red Hat | A-MQ Clients 2 | Medium | 6.1 | 2024-11-07 10:00:52 | Deep Dive |
| CVE-2023-6841 | Keycloak: amount of attributes per object is not limited and it may lead to dos | - | - | High | 7.5 | 2024-09-10 16:15:33 | Deep Dive |
| CVE-2024-38807 | CVE-2024-38807: Signature Forgery Vulnerability in Spring Boot's Loader | Spring | Spring Boot | Medium | 6.3 | 2024-08-23 08:26:12 | Deep Dive |
| CVE-2024-7885 | Undertow: improper state management in proxy protocol parsing causes information leakage (EPSS 0.11) | - | - | High | 7.5 | 2024-08-21 14:13:37 | Deep Dive |
| CVE-2024-3653 | Undertow: learningpushhandler can lead to remote memory dos attacks | - | - | Medium | 5.3 | 2024-07-08 21:21:21 | Deep Dive |
| CVE-2024-5971 | Undertow: response write hangs in case of java 17 tlsv1.3 newsessionticket | - | - | High | 7.5 | 2024-07-08 20:51:29 | Deep Dive |
| CVE-2024-6162 | Undertow: url-encoded request path information can be broken on ajp-listener | - | - | High | 7.5 | 2024-06-20 14:33:10 | Deep Dive |
| CVE-2024-1300 | Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support | - | - | Medium | 5.4 | 2024-04-02 07:33:05 | Deep Dive |
| CVE-2024-1023 | Io.vertx/vertx-core: memory leak due to the use of netty fastthreadlocal data structures in vertx | - | - | Medium | 6.5 | 2024-03-27 07:51:16 | Deep Dive |
| CVE-2023-5685 | Xnio: stackoverflowexception when the chain of notifier states becomes problematically big | Red Hat | Red Hat build of Apache Camel 4.4.0 for Spring Boot | High | 7.5 | 2024-03-22 18:24:43 | Deep Dive |
| CVE-2024-1635 | Undertow: out-of-memory error after several closed connections with wildfly-http-client protocol (EPSS 0.23) | - | - | High | 7.5 | 2024-02-19 21:23:14 | Deep Dive |
| CVE-2023-5236 | Infinispan: circular reference on marshalling leads to dos | Red Hat | Red Hat Data Grid 8.4.4 | Medium | 4.4 | 2023-12-18 13:43:08 | Deep Dive |
| CVE-2023-5379 | Undertow: ajp request closes connection exceeding maxrequestsize | Red Hat | Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | High | 7.5 | 2023-12-12 21:54:53 | Deep Dive |
| CVE-2023-34055 | Spring Boot server Web Observations DoS Vulnerability | Spring | Spring Boot | Medium | 5.3 | 2023-11-28 08:27:25 | Deep Dive |