| org.apache.tika:tika-core |
CVE-2025-66516 |
严重 |
2.9.2 |
3.2.2 |
tika-core: tika-parsers: tika-parser-pdf-module: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66516
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2025-12-04 17:15 修改: 2026-06-17 09:56
|
| org.apache.tika:tika-core |
CVE-2025-66516 |
严重 |
2.9.2 |
3.2.2 |
tika-core: tika-parsers: tika-parser-pdf-module: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-66516
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2025-12-04 17:15 修改: 2026-06-17 09:56
|
| org.springframework.security:spring-security-web |
CVE-2024-38821 |
严重 |
6.3.3 |
5.7.13, 5.8.15, 6.2.7, 6.0.13, 6.1.11, 6.3.4 |
Spring-WebFlux: Authorization Bypass of Static Resources in WebFlux Applications
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38821
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2024-10-28 07:15 修改: 2026-06-17 07:41
|
| org.springframework.security:spring-security-web |
CVE-2024-38821 |
严重 |
6.3.3 |
5.7.13, 5.8.15, 6.2.7, 6.0.13, 6.1.11, 6.3.4 |
Spring-WebFlux: Authorization Bypass of Static Resources in WebFlux Applications
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38821
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2024-10-28 07:15 修改: 2026-06-17 07:41
|
| org.springframework.security:spring-security-web |
CVE-2026-22732 |
严重 |
6.3.3 |
6.5.9, 7.0.4 |
Spring Security: Spring Security: Security policy bypass and information disclosure due to unwritten HTTP headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22732
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-03-19 23:16 修改: 2026-06-17 10:20
|
| org.springframework.security:spring-security-web |
CVE-2026-22732 |
严重 |
6.3.3 |
6.5.9, 7.0.4 |
Spring Security: Spring Security: Security policy bypass and information disclosure due to unwritten HTTP headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22732
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-03-19 23:16 修改: 2026-06-17 10:20
|
| commons-beanutils:commons-beanutils |
CVE-2025-48734 |
高危 |
1.9.4 |
1.11.0 |
commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48734
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2025-05-28 14:15 修改: 2026-06-17 09:30
|
| commons-beanutils:commons-beanutils |
CVE-2025-48734 |
高危 |
1.9.4 |
1.11.0 |
commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48734
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2025-05-28 14:15 修改: 2026-06-17 09:30
|
| io.netty:netty-codec |
CVE-2026-42583 |
高危 |
4.1.113.Final |
4.1.133.Final |
netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec |
CVE-2026-42583 |
高危 |
4.1.113.Final |
4.1.133.Final |
netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42583
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-33870 |
高危 |
4.1.113.Final |
4.1.132.Final, 4.2.10.Final |
io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33870
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-03-27 20:16 修改: 2026-07-03 13:17
|
| io.netty:netty-codec-http |
CVE-2026-33870 |
高危 |
4.1.113.Final |
4.1.132.Final, 4.2.10.Final |
io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33870
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-03-27 20:16 修改: 2026-07-03 13:17
|
| io.netty:netty-codec-http |
CVE-2026-42584 |
高危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42584
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16
|
| io.netty:netty-codec-http |
CVE-2026-42584 |
高危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42584
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16
|
| io.netty:netty-codec-http |
CVE-2026-42587 |
高危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16
|
| io.netty:netty-codec-http |
CVE-2026-42587 |
高危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16
|
| io.netty:netty-codec-http2 |
CVE-2025-55163 |
高危 |
4.1.113.Final |
4.2.4.Final, 4.1.124.Final |
netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55163
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2025-08-13 15:15 修改: 2026-06-17 09:41
|
| io.netty:netty-codec-http2 |
CVE-2025-55163 |
高危 |
4.1.113.Final |
4.2.4.Final, 4.1.124.Final |
netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-55163
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2025-08-13 15:15 修改: 2026-06-17 09:41
|
| io.netty:netty-codec-http2 |
CVE-2026-33871 |
高危 |
4.1.113.Final |
4.1.132.Final, 4.2.11.Final |
netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33871
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-03-27 20:16 修改: 2026-07-03 13:17
|
| io.netty:netty-codec-http2 |
CVE-2026-33871 |
高危 |
4.1.113.Final |
4.1.132.Final, 4.2.11.Final |
netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-33871
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-03-27 20:16 修改: 2026-07-03 13:17
|
| io.netty:netty-codec-http2 |
CVE-2026-42587 |
高危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16
|
| io.netty:netty-codec-http2 |
CVE-2026-42587 |
高危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42587
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16
|
| io.netty:netty-handler |
CVE-2025-24970 |
高危 |
4.1.113.Final |
4.1.118.Final |
io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24970
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2025-02-10 22:15 修改: 2026-06-17 08:59
|
| io.netty:netty-handler |
CVE-2025-24970 |
高危 |
4.1.113.Final |
4.1.118.Final |
io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-24970
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2025-02-10 22:15 修改: 2026-06-17 08:59
|
| io.netty:netty-handler |
CVE-2026-44249 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-06-11 22:16 修改: 2026-07-10 12:16
|
| io.netty:netty-handler |
CVE-2026-44249 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-44249
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-06-11 22:16 修改: 2026-07-10 12:16
|
| io.netty:netty-handler |
CVE-2026-45416 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-06-12 15:16 修改: 2026-07-10 12:17
|
| io.netty:netty-handler |
CVE-2026-45416 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45416
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-06-12 15:16 修改: 2026-07-10 12:17
|
| io.netty:netty-handler |
CVE-2026-50010 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-06-12 16:16 修改: 2026-07-10 12:17
|
| io.netty:netty-handler |
CVE-2026-50010 |
高危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50010
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-06-12 16:16 修改: 2026-07-10 12:17
|
| net.minidev:json-smart |
CVE-2024-57699 |
高危 |
2.5.1 |
2.5.2 |
json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-57699
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2025-02-05 22:15 修改: 2026-06-17 08:13
|
| net.minidev:json-smart |
CVE-2024-57699 |
高危 |
2.5.1 |
2.5.2 |
json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-57699
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2025-02-05 22:15 修改: 2026-06-17 08:13
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.17.2 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54512 |
高危 |
2.17.2 |
2.18.8, 3.1.4, 2.21.4 |
jackson-databind: jackson-databind: Arbitrary code execution via PolymorphicTypeValidator bypass
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54512
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-06-23 21:17 修改: 2026-06-27 21:01
|
| org.eclipse.jetty.http2:jetty-http2-common |
CVE-2025-1948 |
高危 |
12.0.13 |
12.0.17 |
jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-1948
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2025-05-08 18:15 修改: 2026-06-17 08:40
|
| org.eclipse.jetty.http2:jetty-http2-common |
CVE-2025-1948 |
高危 |
12.0.13 |
12.0.17 |
jetty-http2-common: Jetty HTTP/2 Header List Size Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-1948
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2025-05-08 18:15 修改: 2026-06-17 08:40
|
| org.eclipse.jetty.http2:jetty-http2-common |
CVE-2025-5115 |
高危 |
12.0.13 |
12.0.25, 12.1.0.beta3 |
jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5115
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2025-08-20 20:15 修改: 2026-06-17 09:47
|
| org.eclipse.jetty.http2:jetty-http2-common |
CVE-2025-5115 |
高危 |
12.0.13 |
12.0.25, 12.1.0.beta3 |
jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-5115
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2025-08-20 20:15 修改: 2026-06-17 09:47
|
| org.eclipse.jetty:jetty-http |
CVE-2026-2332 |
高危 |
12.0.13 |
12.1.7, 12.0.33 |
org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2332
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-04-14 12:16 修改: 2026-07-02 12:17
|
| org.eclipse.jetty:jetty-http |
CVE-2026-2332 |
高危 |
12.0.13 |
12.1.7, 12.0.33 |
org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-2332
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-04-14 12:16 修改: 2026-07-02 12:17
|
| org.eclipse.jetty:jetty-server |
CVE-2026-1605 |
高危 |
12.0.13 |
12.1.6, 12.0.32 |
org.eclipse.jetty/jetty-server: Eclipse Jetty: Denial of Service due to unreleased JDK Inflater from compressed HTTP requests
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1605
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-03-05 10:15 修改: 2026-06-30 03:17
|
| org.eclipse.jetty:jetty-server |
CVE-2026-1605 |
高危 |
12.0.13 |
12.1.6, 12.0.32 |
org.eclipse.jetty/jetty-server: Eclipse Jetty: Denial of Service due to unreleased JDK Inflater from compressed HTTP requests
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1605
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-03-05 10:15 修改: 2026-06-30 03:17
|
| org.postgresql:postgresql |
CVE-2025-49146 |
高危 |
42.7.4 |
42.7.7 |
pgjdbc: pgjdbc insecure authentication in channel binding
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49146
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2025-06-11 15:15 修改: 2026-06-17 09:30
|
| org.postgresql:postgresql |
CVE-2025-49146 |
高危 |
42.7.4 |
42.7.7 |
pgjdbc: pgjdbc insecure authentication in channel binding
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-49146
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2025-06-11 15:15 修改: 2026-06-17 09:30
|
| org.postgresql:postgresql |
CVE-2026-42198 |
高危 |
42.7.4 |
42.7.11 |
jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42198
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-04-29 16:16 修改: 2026-07-10 12:16
|
| org.postgresql:postgresql |
CVE-2026-42198 |
高危 |
42.7.4 |
42.7.11 |
jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42198
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-04-29 16:16 修改: 2026-07-10 12:16
|
| org.springframework.boot:spring-boot |
CVE-2025-22235 |
高危 |
3.3.4 |
3.3.11, 3.4.5 |
org.springframework.boot/spring-boot: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22235
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2025-04-28 08:15 修改: 2026-06-17 08:45
|
| org.springframework.boot:spring-boot |
CVE-2025-22235 |
高危 |
3.3.4 |
3.3.11, 3.4.5 |
org.springframework.boot/spring-boot: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22235
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2025-04-28 08:15 修改: 2026-06-17 08:45
|
| org.springframework.boot:spring-boot |
CVE-2026-40973 |
高危 |
3.3.4 |
4.0.6, 3.5.14 |
Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40973
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-04-28 00:16 修改: 2026-06-17 10:45
|
| org.springframework.boot:spring-boot |
CVE-2026-40973 |
高危 |
3.3.4 |
4.0.6, 3.5.14 |
Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40973
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-04-28 00:16 修改: 2026-06-17 10:45
|
| org.springframework.boot:spring-boot-starter-actuator |
CVE-2026-22733 |
高危 |
3.3.4 |
4.0.4, 3.5.12 |
Spring Boot has an Authentication Bypass under Actuator CloudFoundry endpoints
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22733
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20
|
| org.springframework.boot:spring-boot-starter-actuator |
CVE-2026-22733 |
高危 |
3.3.4 |
4.0.4, 3.5.12 |
Spring Boot has an Authentication Bypass under Actuator CloudFoundry endpoints
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22733
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20
|
| org.springframework.security:spring-security-crypto |
CVE-2025-22228 |
高危 |
6.3.3 |
6.3.8, 6.4.4, 6.2.10, 6.1.14, 6.0.16, 5.8.18, 5.7.16 |
spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22228
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2025-03-20 06:15 修改: 2026-06-17 08:45
|
| org.springframework.security:spring-security-crypto |
CVE-2025-22228 |
高危 |
6.3.3 |
6.3.8, 6.4.4, 6.2.10, 6.1.14, 6.0.16, 5.8.18, 5.7.16 |
spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22228
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2025-03-20 06:15 修改: 2026-06-17 08:45
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.17.2 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-06-23 21:17 修改: 2026-07-09 13:17
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54513 |
高危 |
2.17.2 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54513
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-06-23 21:17 修改: 2026-07-09 13:17
|
| com.mchange:mchange-commons-java |
CVE-2026-27727 |
高危 |
0.2.15 |
0.4.0 |
com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27727
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-02-25 17:25 修改: 2026-07-02 12:17
|
| com.mchange:mchange-commons-java |
CVE-2026-27727 |
高危 |
0.2.15 |
0.4.0 |
com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-27727
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-02-25 17:25 修改: 2026-07-02 12:17
|
| org.springframework:spring-core |
CVE-2025-41249 |
高危 |
6.1.13 |
6.2.11 |
org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41249
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2025-09-16 11:15 修改: 2026-06-17 09:22
|
| org.springframework:spring-core |
CVE-2025-41249 |
高危 |
6.1.13 |
6.2.11 |
org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41249
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2025-09-16 11:15 修改: 2026-06-17 09:22
|
| org.springframework:spring-webmvc |
CVE-2024-38819 |
高危 |
6.1.13 |
6.1.14 |
org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38819
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2024-12-19 18:15 修改: 2026-06-17 07:41
|
| org.springframework:spring-webmvc |
CVE-2024-38819 |
高危 |
6.1.13 |
6.1.14 |
org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38819
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2024-12-19 18:15 修改: 2026-06-17 07:41
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.17.2 |
3.1.4, 2.18.9, 2.21.5, 2.22.1 |
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54515 |
中危 |
2.17.2 |
3.1.4, 2.18.9, 2.21.5, 2.22.1 |
jackson-databind: jackson-databind: Ignored properties can be unexpectedly modified
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54515
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-06-23 21:17 修改: 2026-06-29 13:38
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.17.2 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
中危 |
2.17.2 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
漏洞详情: https://github.com/advisories/GHSA-72hv-8253-57qq
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-02-28 02:01 修改: 2026-04-07 16:30
|
| io.opentelemetry:opentelemetry-api |
CVE-2026-45292 |
中危 |
1.37.0 |
1.62.0 |
opentelemetry-java: opentelemetry-api: opentelemetry-extension-trace-propagators: OpenTelemetry Java: Denial of Service due to unbounded memory allocation when parsing oversized baggage
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45292
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-05-28 17:16 修改: 2026-07-09 13:17
|
| io.opentelemetry:opentelemetry-api |
CVE-2026-45292 |
中危 |
1.37.0 |
1.62.0 |
opentelemetry-java: opentelemetry-api: opentelemetry-extension-trace-propagators: OpenTelemetry Java: Denial of Service due to unbounded memory allocation when parsing oversized baggage
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-45292
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-05-28 17:16 修改: 2026-07-09 13:17
|
| io.netty:netty-codec-http |
CVE-2025-67735 |
中危 |
4.1.113.Final |
4.2.8.Final, 4.1.129.Final |
netty-codec-http: Netty (netty-codec-http): Request Smuggling via CRLF Injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67735
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2025-12-16 01:15 修改: 2026-06-17 09:58
|
| io.netty:netty-codec-http |
CVE-2025-67735 |
中危 |
4.1.113.Final |
4.2.8.Final, 4.1.129.Final |
netty-codec-http: Netty (netty-codec-http): Request Smuggling via CRLF Injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-67735
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2025-12-16 01:15 修改: 2026-06-17 09:58
|
| org.apache.commons:commons-lang3 |
CVE-2025-48924 |
中危 |
3.14.0 |
3.18.0 |
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
|
| org.apache.commons:commons-lang3 |
CVE-2025-48924 |
中危 |
3.14.0 |
3.18.0 |
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
|
| org.apache.logging.log4j:log4j-core |
CVE-2025-68161 |
中危 |
2.23.1 |
2.25.3 |
Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68161
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2025-12-18 21:15 修改: 2026-06-17 09:58
|
| org.apache.logging.log4j:log4j-core |
CVE-2025-68161 |
中危 |
2.23.1 |
2.25.3 |
Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-68161
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2025-12-18 21:15 修改: 2026-06-17 09:58
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34477 |
中危 |
2.23.1 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34477
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34477 |
中危 |
2.23.1 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Man-in-the-middle attack due to incomplete hostname verification
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34477
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34478 |
中危 |
2.23.1 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34478
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34478 |
中危 |
2.23.1 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34478
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34480 |
中危 |
2.23.1 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34480
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| org.apache.logging.log4j:log4j-core |
CVE-2026-34480 |
中危 |
2.23.1 |
2.25.4 |
org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-34480
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-04-10 16:16 修改: 2026-06-17 10:39
|
| io.netty:netty-codec-http |
CVE-2026-41417 |
中危 |
4.1.113.Final |
4.1.133.Final, 4.2.13.Final |
netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41417
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-05-06 22:16 修改: 2026-06-17 10:46
|
| io.netty:netty-codec-http |
CVE-2026-41417 |
中危 |
4.1.113.Final |
4.1.133.Final, 4.2.13.Final |
netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-41417
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-05-06 22:16 修改: 2026-06-17 10:46
|
| org.eclipse.angus:smtp |
CVE-2025-7962 |
中危 |
2.0.3 |
2.0.4 |
com.sun.mail/jakarta.mail: Jakarta Mail SMTP Injection Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7962
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2025-07-21 18:15 修改: 2026-06-23 12:16
|
| org.eclipse.angus:smtp |
CVE-2025-7962 |
中危 |
2.0.3 |
2.0.4 |
com.sun.mail/jakarta.mail: Jakarta Mail SMTP Injection Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-7962
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2025-07-21 18:15 修改: 2026-06-23 12:16
|
| io.netty:netty-codec-http |
CVE-2026-42580 |
中危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: Netty: Request smuggling via chunk size parser integer overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42580
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-42580 |
中危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: Netty: Request smuggling via chunk size parser integer overflow
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42580
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-42581 |
中危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42581
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16
|
| io.netty:netty-codec-http |
CVE-2026-42581 |
中危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42581
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16
|
| io.netty:netty-codec-http |
CVE-2026-42585 |
中危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42585
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-42585 |
中危 |
4.1.113.Final |
4.2.13.Final, 4.1.133.Final |
netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42585
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-05-13 19:17 修改: 2026-06-17 10:48
|
| io.netty:netty-codec-http |
CVE-2026-50020 |
中危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50020
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| io.netty:netty-codec-http |
CVE-2026-50020 |
中危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50020
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| com.nimbusds:nimbus-jose-jwt |
CVE-2025-53864 |
中危 |
9.41.1 |
10.0.2, 9.37.4 |
com.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53864
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2025-07-11 03:16 修改: 2026-06-17 09:39
|
| com.nimbusds:nimbus-jose-jwt |
CVE-2025-53864 |
中危 |
9.41.1 |
10.0.2, 9.37.4 |
com.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-53864
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2025-07-11 03:16 修改: 2026-06-17 09:39
|
| ch.qos.logback:logback-core |
CVE-2024-12798 |
中危 |
1.5.8 |
1.5.13, 1.3.15 |
logback-core: arbitrary code execution via JaninoEventEvaluator
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12798
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2024-12-19 16:15 修改: 2026-06-17 07:00
|
| ch.qos.logback:logback-core |
CVE-2024-12798 |
中危 |
1.5.8 |
1.5.13, 1.3.15 |
logback-core: arbitrary code execution via JaninoEventEvaluator
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12798
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2024-12-19 16:15 修改: 2026-06-17 07:00
|
| ch.qos.logback:logback-core |
CVE-2025-11226 |
中危 |
1.5.8 |
1.5.19, 1.3.16 |
ch.qos.logback/logback-core: Conditional abitrary code execution in logback-core
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11226
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2025-10-01 08:15 修改: 2026-06-25 17:16
|
| ch.qos.logback:logback-core |
CVE-2025-11226 |
中危 |
1.5.8 |
1.5.19, 1.3.16 |
ch.qos.logback/logback-core: Conditional abitrary code execution in logback-core
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11226
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2025-10-01 08:15 修改: 2026-06-25 17:16
|
| io.netty:netty-codec-http2 |
CVE-2026-47244 |
中危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47244
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54
|
| io.netty:netty-codec-http2 |
CVE-2026-47244 |
中危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http2: Netty: Denial of Service via uncontrolled HTTP/2 concurrent streams
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47244
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-06-12 15:16 修改: 2026-06-17 10:54
|
| io.netty:netty-codec-http2 |
CVE-2026-48043 |
中危 |
4.1.113.Final |
4.1.135.Final, 4.2.15.Final |
netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48043
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-06-12 16:16 修改: 2026-07-10 12:17
|
| io.netty:netty-codec-http2 |
CVE-2026-48043 |
中危 |
4.1.113.Final |
4.1.135.Final, 4.2.15.Final |
netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-48043
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-06-12 16:16 修改: 2026-07-10 12:17
|
| org.springframework.security:spring-security-core |
CVE-2024-38827 |
中危 |
6.3.3 |
5.7.14, 5.8.16, 6.0.14, 6.1.12, 6.2.8, 6.3.5 |
spring-security: authorization bypass for case sensitive comparisons
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38827
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2024-12-02 15:15 修改: 2026-06-17 07:41
|
| org.springframework.security:spring-security-core |
CVE-2024-38827 |
中危 |
6.3.3 |
5.7.14, 5.8.16, 6.0.14, 6.1.12, 6.2.8, 6.3.5 |
spring-security: authorization bypass for case sensitive comparisons
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38827
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2024-12-02 15:15 修改: 2026-06-17 07:41
|
| io.netty:netty-codec-http2 |
CVE-2026-50560 |
中危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50560
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| io.netty:netty-codec-http2 |
CVE-2026-50560 |
中危 |
4.1.113.Final |
4.2.15.Final, 4.1.135.Final |
netty-codec-http2: Netty: Denial of Service due to HTTP/2 max header size handling
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-50560
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-06-12 16:16 修改: 2026-06-17 10:57
|
| org.springframework.security:spring-security-oauth2-jose |
CVE-2026-22748 |
中危 |
6.3.3 |
6.5.10, 7.0.5 |
Spring Security: Spring Security: Integrity impact due to improper JSON Web Token (JWT) validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22748
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-04-22 06:16 修改: 2026-06-17 10:20
|
| org.springframework.security:spring-security-oauth2-jose |
CVE-2026-22748 |
中危 |
6.3.3 |
6.5.10, 7.0.5 |
Spring Security: Spring Security: Integrity impact due to improper JSON Web Token (JWT) validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22748
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-04-22 06:16 修改: 2026-06-17 10:20
|
| io.netty:netty-common |
CVE-2024-47535 |
中危 |
4.1.113.Final |
4.1.115.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2024-11-12 16:15 修改: 2026-06-17 07:57
|
| io.netty:netty-common |
CVE-2024-47535 |
中危 |
4.1.113.Final |
4.1.115.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47535
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2024-11-12 16:15 修改: 2026-06-17 07:57
|
| io.netty:netty-common |
CVE-2025-25193 |
中危 |
4.1.113.Final |
4.1.118.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2025-02-10 22:15 修改: 2026-06-17 09:00
|
| io.netty:netty-common |
CVE-2025-25193 |
中危 |
4.1.113.Final |
4.1.118.Final |
netty: Denial of Service attack on windows app using Netty
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-25193
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2025-02-10 22:15 修改: 2026-06-17 09:00
|
| org.springframework.security:spring-security-web |
CVE-2026-47838 |
中危 |
6.3.3 |
6.5.11 |
Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47838
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-06-10 00:16 修改: 2026-06-30 22:16
|
| org.springframework.security:spring-security-web |
CVE-2026-47838 |
中危 |
6.3.3 |
6.5.11 |
Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47838
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-06-10 00:16 修改: 2026-06-30 22:16
|
| org.springframework:spring-context |
CVE-2024-38820 |
中危 |
6.1.13 |
6.1.14 |
The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2024-10-18 06:15 修改: 2026-06-17 07:41
|
| org.springframework:spring-context |
CVE-2024-38820 |
中危 |
6.1.13 |
6.1.14 |
The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2024-10-18 06:15 修改: 2026-06-17 07:41
|
| io.netty:netty-codec |
CVE-2025-58057 |
中危 |
4.1.113.Final |
4.1.125.Final |
netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2025-09-04 10:42 修改: 2026-06-17 09:43
|
| io.netty:netty-codec |
CVE-2025-58057 |
中危 |
4.1.113.Final |
4.1.125.Final |
netty-codec: netty-codec-compression: Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58057
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2025-09-04 10:42 修改: 2026-06-17 09:43
|
| org.springframework:spring-web |
CVE-2024-38820 |
中危 |
6.1.13 |
6.1.14 |
The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2024-10-18 06:15 修改: 2026-06-17 07:41
|
| org.springframework:spring-web |
CVE-2024-38820 |
中危 |
6.1.13 |
6.1.14 |
The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2024-10-18 06:15 修改: 2026-06-17 07:41
|
| org.springframework:spring-web |
CVE-2025-41234 |
中危 |
6.1.13 |
6.2.8, 6.1.21 |
springframework: Reflected download attack in Spring Framework with non-ASCII headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41234
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2025-06-12 22:15 修改: 2026-06-17 09:22
|
| org.springframework:spring-web |
CVE-2025-41234 |
中危 |
6.1.13 |
6.2.8, 6.1.21 |
springframework: Reflected download attack in Spring Framework with non-ASCII headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41234
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2025-06-12 22:15 修改: 2026-06-17 09:22
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.17.2 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| com.fasterxml.jackson.core:jackson-databind |
CVE-2026-54514 |
中危 |
2.17.2 |
2.18.8, 2.21.4, 3.1.4 |
jackson-databind: jackson-databind: Information Disclosure via Eager DNS Resolution
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-54514
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-06-23 21:17 修改: 2026-06-27 20:55
|
| org.springframework:spring-webmvc |
CVE-2025-41242 |
中危 |
6.1.13 |
6.2.10 |
org.springframework/spring-webmvc: Spring Framework MVC path traversal vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41242
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2025-08-18 09:15 修改: 2026-06-17 09:22
|
| org.springframework:spring-webmvc |
CVE-2025-41242 |
中危 |
6.1.13 |
6.2.10 |
org.springframework/spring-webmvc: Spring Framework MVC path traversal vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41242
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2025-08-18 09:15 修改: 2026-06-17 09:22
|
| org.springframework:spring-webmvc |
CVE-2026-22737 |
中危 |
6.1.13 |
7.0.6, 6.2.17 |
Spring Framework: Spring Framework: Information disclosure via Java scripting engine enabled template views
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22737
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20
|
| org.springframework:spring-webmvc |
CVE-2026-22737 |
中危 |
6.1.13 |
7.0.6, 6.2.17 |
Spring Framework: Spring Framework: Information disclosure via Java scripting engine enabled template views
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22737
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20
|
| org.springframework:spring-webmvc |
CVE-2026-22745 |
中危 |
6.1.13 |
7.0.7, 6.2.18 |
spring-webflux: Spring MVC and Spring WebFlux: Denial of Service via slow static resource resolution on Windows
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22745
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20
|
| org.springframework:spring-webmvc |
CVE-2026-22745 |
中危 |
6.1.13 |
7.0.7, 6.2.18 |
spring-webflux: Spring MVC and Spring WebFlux: Denial of Service via slow static resource resolution on Windows
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22745
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20
|
| io.netty:netty-handler-proxy |
CVE-2026-42578 |
低危 |
4.1.113.Final |
4.1.133.Final, 4.2.13.Final |
netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42578
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16
|
| io.netty:netty-handler-proxy |
CVE-2026-42578 |
低危 |
4.1.113.Final |
4.1.133.Final, 4.2.13.Final |
netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-42578
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-05-13 19:17 修改: 2026-07-10 12:16
|
| org.springframework:spring-context |
CVE-2025-22233 |
低危 |
6.1.13 |
6.2.7, 6.1.20 |
CVE-2024-38820 ensured Locale-independent, lowercase conversion for bo ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22233
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2025-05-16 20:15 修改: 2026-06-17 08:45
|
| org.springframework:spring-context |
CVE-2025-22233 |
低危 |
6.1.13 |
6.2.7, 6.1.20 |
CVE-2024-38820 ensured Locale-independent, lowercase conversion for bo ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22233
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2025-05-16 20:15 修改: 2026-06-17 08:45
|
| org.eclipse.jetty:jetty-http |
CVE-2025-11143 |
低危 |
12.0.13 |
12.0.31, 12.1.5 |
org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11143
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-03-05 10:15 修改: 2026-06-17 08:29
|
| org.eclipse.jetty:jetty-http |
CVE-2025-11143 |
低危 |
12.0.13 |
12.0.31, 12.1.5 |
org.eclipse.jetty/jetty-http: org.eclipse.jetty: Security bypass due to differential URI parsing
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11143
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-03-05 10:15 修改: 2026-06-17 08:29
|
| org.springframework.security:spring-security-core |
CVE-2026-22746 |
低危 |
6.3.3 |
6.5.10, 7.0.5 |
Spring Security: Spring Security: Timing attack defense bypass allows information disclosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22746
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-04-22 06:16 修改: 2026-06-17 10:20
|
| org.springframework.security:spring-security-core |
CVE-2026-22746 |
低危 |
6.3.3 |
6.5.10, 7.0.5 |
Spring Security: Spring Security: Timing attack defense bypass allows information disclosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22746
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-04-22 06:16 修改: 2026-06-17 10:20
|
| ch.qos.logback:logback-core |
CVE-2026-10532 |
低危 |
1.5.8 |
1.5.35 |
Deserialization of untrusted data vulnerability in QOS.CH Sarl logback ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-10532
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-06-01 13:16 修改: 2026-06-17 10:12
|
| ch.qos.logback:logback-core |
CVE-2026-10532 |
低危 |
1.5.8 |
1.5.35 |
Deserialization of untrusted data vulnerability in QOS.CH Sarl logback ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-10532
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-06-01 13:16 修改: 2026-06-17 10:12
|
| ch.qos.logback:logback-core |
CVE-2026-1225 |
低危 |
1.5.8 |
1.5.25 |
ch.qos.logback/logback-core: Malicious logback.xml configuration file allows instantiation of arbitrary classes
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1225
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-01-22 10:16 修改: 2026-06-17 10:15
|
| ch.qos.logback:logback-core |
CVE-2026-1225 |
低危 |
1.5.8 |
1.5.25 |
ch.qos.logback/logback-core: Malicious logback.xml configuration file allows instantiation of arbitrary classes
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1225
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-01-22 10:16 修改: 2026-06-17 10:15
|
| io.netty:netty-codec-http |
CVE-2025-58056 |
低危 |
4.1.113.Final |
4.1.125.Final, 4.2.5.Final |
netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58056
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2025-09-03 21:15 修改: 2026-06-17 09:43
|
| io.netty:netty-codec-http |
CVE-2025-58056 |
低危 |
4.1.113.Final |
4.1.125.Final, 4.2.5.Final |
netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-58056
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2025-09-03 21:15 修改: 2026-06-17 09:43
|
| ch.qos.logback:logback-core |
CVE-2026-9828 |
低危 |
1.5.8 |
1.5.33 |
Deserialization of untrusted data vulnerability in QOS.CH Sarl logback ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9828
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-05-28 14:16 修改: 2026-06-17 11:05
|
| ch.qos.logback:logback-core |
CVE-2026-9828 |
低危 |
1.5.8 |
1.5.33 |
Deserialization of untrusted data vulnerability in QOS.CH Sarl logback ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9828
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-05-28 14:16 修改: 2026-06-17 11:05
|
| ch.qos.logback:logback-core |
CVE-2024-12801 |
低危 |
1.5.8 |
1.5.13, 1.3.15 |
logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12801
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2024-12-19 17:15 修改: 2026-06-17 07:00
|
| ch.qos.logback:logback-core |
CVE-2024-12801 |
低危 |
1.5.8 |
1.5.13, 1.3.15 |
logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12801
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2024-12-19 17:15 修改: 2026-06-17 07:00
|
| org.springframework:spring-webmvc |
CVE-2026-22735 |
低危 |
6.1.13 |
7.0.6, 6.2.17 |
org.springframework/spring-webmvc: org.springframework/spring-webflux: Spring MVC and WebFlux: Stream corruption vulnerability when using Server-Sent Events
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22735
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20
|
| org.springframework:spring-webmvc |
CVE-2026-22735 |
低危 |
6.1.13 |
7.0.6, 6.2.17 |
org.springframework/spring-webmvc: org.springframework/spring-webflux: Spring MVC and WebFlux: Stream corruption vulnerability when using Server-Sent Events
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22735
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20
|
| org.springframework:spring-webmvc |
CVE-2026-22741 |
低危 |
6.1.13 |
7.0.7, 6.2.18 |
Spring MVC: Spring WebFlux: Spring MVC and Spring WebFlux: Denial of Service via cache poisoning
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22741
镜像层: sha256:bb91cbd7b53f41fbff2fa970ec58b7d33b4ad37b51c30faa1d09742799e62ebe
发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20
|
| org.springframework:spring-webmvc |
CVE-2026-22741 |
低危 |
6.1.13 |
7.0.7, 6.2.18 |
Spring MVC: Spring WebFlux: Spring MVC and Spring WebFlux: Denial of Service via cache poisoning
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22741
镜像层: sha256:f3eb02ab324944095bc98626851e20d7dfa67990e566eb97f19f09265daa3ed6
发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20
|