| org.apache.derby:derby |
CVE-2022-46337 |
严重 |
10.14.2.0 |
10.14.2.1, 10.16.1.2, 10.15.2.1 |
A cleverly devised username might bypass LDAP authentication checks. I ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-46337
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2023-11-20 09:15 修改: 2026-06-17 05:11
|
| org.springframework.security:spring-security-web |
CVE-2026-22732 |
严重 |
5.8.16 |
6.5.9, 7.0.4 |
Spring Security: Spring Security: Security policy bypass and information disclosure due to unwritten HTTP headers
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22732
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2026-03-19 23:16 修改: 2026-06-17 10:20
|
| org.springframework:spring-web |
CVE-2016-1000027 |
严重 |
5.3.39 |
6.0.0 |
spring: HttpInvokerServiceExporter readRemoteInvocation method untrusted java deserialization
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-1000027
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2020-01-02 23:15 修改: 2024-11-21 02:42
|
| org.springframework.boot:spring-boot |
CVE-2026-40973 |
高危 |
2.7.18 |
4.0.6, 3.5.14 |
Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-40973
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2026-04-28 00:16 修改: 2026-06-17 10:45
|
| org.springframework.security:spring-security-crypto |
CVE-2025-22228 |
高危 |
5.8.16 |
6.3.8, 6.4.4, 6.2.10, 6.1.14, 6.0.16, 5.8.18, 5.7.16 |
spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22228
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2025-03-20 06:15 修改: 2026-06-17 08:45
|
| com.alipay.sofa:hessian |
CVE-2024-46983 |
高危 |
3.3.6 |
3.5.5 |
SOFA Hessian Remote Command Execution (RCE) Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-46983
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2024-09-19 23:15 修改: 2026-06-17 07:56
|
| org.springframework:spring-core |
CVE-2025-41249 |
高危 |
5.3.39 |
6.2.11 |
org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41249
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2025-09-16 11:15 修改: 2026-06-17 09:22
|
| org.springframework.boot:spring-boot |
CVE-2025-22235 |
高危 |
2.7.18 |
3.3.11, 3.4.5 |
org.springframework.boot/spring-boot: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22235
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2025-04-28 08:15 修改: 2026-06-17 08:45
|
| org.springframework:spring-webmvc |
CVE-2024-38816 |
高危 |
5.3.39 |
6.1.13 |
spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38816
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2024-09-13 06:15 修改: 2026-06-17 07:41
|
| org.springframework:spring-webmvc |
CVE-2024-38819 |
高危 |
5.3.39 |
6.1.14 |
org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38819
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2024-12-19 18:15 修改: 2026-06-17 07:41
|
| org.springframework.security:spring-security-web |
CVE-2026-47838 |
中危 |
5.8.16 |
6.5.11 |
Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-47838
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2026-06-10 00:16 修改: 2026-06-30 22:16
|
| org.springframework:spring-context |
CVE-2024-38820 |
中危 |
5.3.39 |
6.1.14 |
The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2024-10-18 06:15 修改: 2026-06-17 07:41
|
| commons-lang:commons-lang |
CVE-2025-48924 |
中危 |
2.6 |
|
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-48924
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2025-07-11 15:15 修改: 2026-06-17 09:30
|
| org.springframework.ldap:spring-ldap-core |
CVE-2024-38829 |
中危 |
2.4.1 |
3.2.8, 2.4.4 |
spring-ldap: Spring LDAP sensitive data exposure for case-sensitive comparisons
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38829
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2024-12-04 21:15 修改: 2026-06-17 07:41
|
| org.springframework:spring-web |
CVE-2024-38820 |
中危 |
5.3.39 |
6.1.14 |
The fix for CVE-2022-22968 made disallowedFieldspatterns in DataBinder ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38820
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2024-10-18 06:15 修改: 2026-06-17 07:41
|
| ch.qos.logback:logback-core |
CVE-2025-11226 |
中危 |
1.2.13 |
1.5.19, 1.3.16 |
ch.qos.logback/logback-core: Conditional abitrary code execution in logback-core
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-11226
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2025-10-01 08:15 修改: 2026-06-25 17:16
|
| ch.qos.logback:logback-core |
CVE-2024-12798 |
中危 |
1.2.13 |
1.5.13, 1.3.15 |
logback-core: arbitrary code execution via JaninoEventEvaluator
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12798
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2024-12-19 16:15 修改: 2026-06-17 07:00
|
| org.springframework:spring-webmvc |
CVE-2024-38828 |
中危 |
5.3.39 |
5.3.42 |
org.springframework:spring-webmvc: DoS via Spring MVC controller method with byte[] parameter
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-38828
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2024-11-18 04:15 修改: 2026-06-17 07:41
|
| org.springframework:spring-webmvc |
CVE-2025-41242 |
中危 |
5.3.39 |
6.2.10 |
org.springframework/spring-webmvc: Spring Framework MVC path traversal vulnerability
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-41242
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2025-08-18 09:15 修改: 2026-06-17 09:22
|
| org.springframework:spring-webmvc |
CVE-2026-22737 |
中危 |
5.3.39 |
7.0.6, 6.2.17 |
Spring Framework: Spring Framework: Information disclosure via Java scripting engine enabled template views
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22737
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20
|
| org.springframework:spring-webmvc |
CVE-2026-22745 |
中危 |
5.3.39 |
7.0.7, 6.2.18 |
spring-webflux: Spring MVC and Spring WebFlux: Denial of Service via slow static resource resolution on Windows
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22745
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20
|
| ch.qos.logback:logback-core |
CVE-2024-12801 |
低危 |
1.2.13 |
1.5.13, 1.3.15 |
logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-12801
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2024-12-19 17:15 修改: 2026-06-17 07:00
|
| ch.qos.logback:logback-core |
CVE-2026-10532 |
低危 |
1.2.13 |
1.5.34 |
Deserialization of untrusted data vulnerability in QOS.CH Sarl logback ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-10532
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2026-06-01 13:16 修改: 2026-06-17 10:12
|
| org.springframework:spring-context |
CVE-2025-22233 |
低危 |
5.3.39 |
6.2.7, 6.1.20 |
CVE-2024-38820 ensured Locale-independent, lowercase conversion for bo ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2025-22233
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2025-05-16 20:15 修改: 2026-06-17 08:45
|
| org.springframework.security:spring-security-core |
CVE-2026-22746 |
低危 |
5.8.16 |
6.5.10, 7.0.5 |
Spring Security: Spring Security: Timing attack defense bypass allows information disclosure
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22746
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2026-04-22 06:16 修改: 2026-06-17 10:20
|
| ch.qos.logback:logback-core |
CVE-2026-1225 |
低危 |
1.2.13 |
1.5.25 |
ch.qos.logback/logback-core: Malicious logback.xml configuration file allows instantiation of arbitrary classes
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-1225
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2026-01-22 10:16 修改: 2026-06-17 10:15
|
| ch.qos.logback:logback-core |
CVE-2026-9828 |
低危 |
1.2.13 |
1.5.33 |
Deserialization of untrusted data vulnerability in QOS.CH Sarl logback ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-9828
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2026-05-28 14:16 修改: 2026-06-17 11:05
|
| org.springframework:spring-webmvc |
CVE-2026-22735 |
低危 |
5.3.39 |
7.0.6, 6.2.17 |
org.springframework/spring-webmvc: org.springframework/spring-webflux: Spring MVC and WebFlux: Stream corruption vulnerability when using Server-Sent Events
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22735
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2026-03-20 00:16 修改: 2026-06-17 10:20
|
| org.springframework:spring-webmvc |
CVE-2026-22741 |
低危 |
5.3.39 |
7.0.7, 6.2.18 |
Spring MVC: Spring WebFlux: Spring MVC and Spring WebFlux: Denial of Service via cache poisoning
漏洞详情: https://avd.aquasec.com/nvd/cve-2026-22741
镜像层: sha256:da249eeda6f156faccbf0bb5703725c9f9f98134268e820de40f7dabe92c50ea
发布日期: 2026-04-29 12:16 修改: 2026-06-17 10:20
|