| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-1932 | Hibernate-validator: rendering of invalid html with safehtml leads to html injection and xss | Red Hat | A-MQ Clients 2 | Medium | 6.1 | 2024-11-07 10:00:52 | Deep Dive |
| CVE-2024-38821 | Authorization Bypass of Static Resources in WebFlux Applications | Spring | Spring | Critical | 9.1 | 2024-10-28 07:06:13 | Deep Dive |
| CVE-2024-38820 | CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception | VMware | Spring | Low | 3.1 | 2024-10-18 05:39:05 | Deep Dive |
| CVE-2024-38809 | VMware Spring Framework Security Vulnerability | N/A | Spring Framework | Medium | 5.3 | 2024-09-27 16:39:53 | Deep Dive |
| CVE-2024-38816 | CVE-2024-38816: Path traversal vulnerability in functional web frameworks | Spring | Spring | High | 7.5 | 2024-09-13 06:10:07 | Deep Dive |
| CVE-2023-6841 | Keycloak: amount of attributes per object is not limited and it may lead to dos | - | - | High | 7.5 | 2024-09-10 16:15:33 | Deep Dive |
| CVE-2024-38807 | CVE-2024-38807: Signature Forgery Vulnerability in Spring Boot's Loader | Spring | Spring Boot | Medium | 6.3 | 2024-08-23 08:26:12 | Deep Dive |
| CVE-2024-7885 | Undertow: improper state management in proxy protocol parsing causes information leakage | - | - | High | 7.5 | 2024-08-21 14:13:37 | Deep Dive |
| CVE-2024-38808 | CVE-2024-38808: Spring Expression DoS Vulnerability | Spring | Spring Framework | Medium | 4.3 | 2024-08-20 07:12:45 | Deep Dive |
| CVE-2024-38810 | Missing Authorization When Using @AuthorizeReturnObject | spring | spring security | Medium | 6.5 | 2024-08-20 03:35:25 | Deep Dive |
| CVE-2024-37084 | CVE-2024-37084: Remote code execution in Spring Cloud Data Flow | Spring | Spring Cloud Data Flow | Critical | 9.8 | 2024-07-25 09:17:50 | Deep Dive |
| CVE-2024-22271 | Spring Cloud Function Web DOS Vulnerability | Spring by VMware Tanzu | Spring Cloud Function Framework | High | 8.2 | 2024-07-09 12:50:16 | Deep Dive |
| CVE-2024-3653 | Undertow: learningpushhandler can lead to remote memory dos attacks | - | - | Medium | 5.3 | 2024-07-08 21:21:21 | Deep Dive |
| CVE-2024-5971 | Undertow: response write hangs in case of java 17 tlsv1.3 newsessionticket | - | - | High | 7.5 | 2024-07-08 20:51:29 | Deep Dive |
| CVE-2024-6162 | Undertow: url-encoded request path information can be broken on ajp-listener | - | - | High | 7.5 | 2024-06-20 14:33:10 | Deep Dive |
| CVE-2024-22263 | Arbitrary File Write Vulnerability in Spring Cloud Data Flow | Spring by VMware Tanzu | Spring Cloud Skipper | High | 8.8 | 2024-06-19 14:48:11 | Deep Dive |
| CVE-2024-22262 | CVE-2024-22262: Spring Framework URL Parsing with Host Validation | Spring | Spring Framework | High | 8.1 | 2024-04-16 05:54:13 | Deep Dive |
| CVE-2024-1300 | Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support | - | - | Medium | 5.4 | 2024-04-02 07:33:05 | Deep Dive |
| CVE-2024-1023 | Io.vertx/vertx-core: memory leak due to the use of netty fastthreadlocal data structures in vertx | - | - | Medium | 6.5 | 2024-03-27 07:51:16 | Deep Dive |
| CVE-2023-5685 | Xnio: stackoverflowexception when the chain of notifier states becomes problematically big | Red Hat | Red Hat build of Apache Camel 4.4.0 for Spring Boot | High | 7.5 | 2024-03-22 18:24:43 | Deep Dive |