| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6857 | Camel-infinispan: camel-infinispan: remote code execution via unsafe deserialization | Red Hat | Red Hat build of Apache Camel 4 for Quarkus 3 | High | 7.5 | 2026-04-22 12:55:01 | Deep Dive |
| CVE-2026-22754 | Servlet Path Not Correctly Included in Path Matching of XML Authorization Rules | Spring | Spring Security | High | 7.5 | 2026-04-22 05:32:48 | Deep Dive |
| CVE-2026-22753 | Servlet Path Not Correctly Included in Path Matching of HttpSecurity#securityMatchers | Spring | Spring Security | High | 7.5 | 2026-04-22 05:20:31 | Deep Dive |
| CVE-2026-22748 | Potential Security Misconfiguration when Using withIssuerLocation | Spring | Spring Security | Medium | 5.3 | 2026-04-22 05:15:04 | Deep Dive |
| CVE-2026-22747 | Unauthorized User Impersonation when Using X.509 Client Certificates | Spring | Spring Security | Medium | 6.8 | 2026-04-22 05:08:41 | Deep Dive |
| CVE-2026-22746 | User Attribute Enumeration when Using DaoAuthenticationProvider | Spring | Spring Security | Low | 3.7 | 2026-04-22 05:02:24 | Deep Dive |
| CVE-2026-22751 | Spring Security JdbcOneTimeTokenService allows a one-time token to authenticate multiple sessions | Spring | Spring Security | Medium | 4.8 | 2026-04-21 18:30:35 | Deep Dive |
| CVE-2026-22750 | SSL bundle configuration silently bypassed in Spring Cloud Gateway | VMware | Spring Cloud Gateway | High | 7.5 | 2026-04-10 07:32:31 | Deep Dive |
| CVE-2026-28369 | Undertow: undertow: request smuggling via malformed http request headers | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | High | 8.7 | 2026-03-27 16:13:06 | Deep Dive |
| CVE-2026-28367 | Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | High | 8.7 | 2026-03-27 16:13:05 | Deep Dive |
| CVE-2026-28368 | Undertow: undertow: request smuggling via inconsistent header parsing | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | High | 8.7 | 2026-03-27 16:13:04 | Deep Dive |
| CVE-2026-22744 | VMware Spring AI Security Vulnerability | Spring | Spring AI | High | 7.5 | 2026-03-27 05:39:00 | Deep Dive |
| CVE-2026-22743 | Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore | Spring | Spring AI | High | 7.5 | 2026-03-27 05:33:21 | Deep Dive |
| CVE-2026-22742 | Server-Side Request Forgery in BedrockProxyChatModel via Unvalidated Media URL Fetching | Spring | Spring AI | High | 8.6 | 2026-03-27 05:27:41 | Deep Dive |
| CVE-2026-22738 | SpEL Injection via Unescaped Filter Key in SimpleVectorStore Leads to Remote Code Execution | Spring | Spring AI | Critical | 9.8 | 2026-03-27 05:21:07 | Deep Dive |
| CVE-2026-3260 | Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | Medium | 5.9 | 2026-03-24 04:11:16 | Deep Dive |
| CVE-2026-22739 | Spring Cloud Config Profile Substitution Can Allow Unintended Access To Files And Enable SSRF Attacks | Spring | Spring Cloud | High | 8.6 | 2026-03-24 00:16:53 | Deep Dive |
| CVE-2026-22737 | Spring Framework Improper Path Limitation with Script View Templates | Spring | Spring Framework | Medium | 5.9 | 2026-03-19 23:54:00 | Deep Dive |
| CVE-2026-22735 | Server Sent Event stream corruption | Spring | Spring Foundation | Low | 2.6 | 2026-03-19 23:37:36 | Deep Dive |
| CVE-2026-22733 | Authentication Bypass under Actuator CloudFoundry endpoints | Spring | Spring Security | High | 8.2 | 2026-03-19 23:29:10 | Deep Dive |