| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-24813 |
Critical |
9.0.69 |
11.0.3, 10.1.35, 9.0.99 |
tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
Vulnerability details: https://avd.aquasec.com/nvd/cve-2025-24813
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2025-03-10 17:15 Modified: 2025-10-23 14:49
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-41293 |
Critical |
9.0.69 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: HTTP/2 request headers not validated
Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-41293
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2026-05-12 16:16 Modified: 2026-05-15 15:57
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-43512 |
Critical |
9.0.69 |
9.0.118, 10.1.55, 11.0.22 |
tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication
Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-43512
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2026-05-12 16:16 Modified: 2026-05-15 15:54
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-43515 |
Critical |
9.0.69 |
9.0.118, 10.1.55, 11.0.22 |
Improper Authorization vulnerability when multiple method constraints ...
Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-43515
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2026-05-12 16:16 Modified: 2026-05-15 15:52
|
| org.postgresql:postgresql |
CVE-2024-1597 |
Critical |
42.3.8 |
42.2.28, 42.3.9, 42.4.4, 42.5.5, 42.6.1, 42.7.2 |
pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE
Vulnerability details: https://avd.aquasec.com/nvd/cve-2024-1597
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2024-02-19 13:15 Modified: 2025-11-03 22:16
|
| org.springframework:spring-web |
CVE-2016-1000027 |
Critical |
5.3.24 |
6.0.0 |
spring: HttpInvokerServiceExporter readRemoteInvocation method untrusted java deserialization
Vulnerability details: https://avd.aquasec.com/nvd/cve-2016-1000027
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2020-01-02 23:15 Modified: 2024-11-21 02:42
|
| org.springframework:spring-webmvc |
CVE-2023-20860 |
Critical |
5.3.24 |
6.0.7, 5.3.26 |
springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern
Vulnerability details: https://avd.aquasec.com/nvd/cve-2023-20860
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2023-03-27 22:15 Modified: 2025-02-19 19:15
|
| com.fasterxml.jackson.core:jackson-core |
CVE-2025-52999 |
High |
2.13.4 |
2.15.0 |
com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError
Vulnerability details: https://avd.aquasec.com/nvd/cve-2025-52999
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2025-06-25 17:15 Modified: 2026-04-15 00:35
|
| com.squareup.okhttp3:okhttp |
CVE-2021-0341 |
High |
4.0.1 |
4.9.2 |
okhttp: information disclosure via improperly used cryptographic function
Vulnerability details: https://avd.aquasec.com/nvd/cve-2021-0341
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2021-02-10 17:15 Modified: 2024-11-21 05:42
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2023-24998 |
High |
9.0.69 |
10.1.5, 11.0.0-M5, 8.5.88, 9.0.71 |
FileUpload: FileUpload DoS with excessive parts
Vulnerability details: https://avd.aquasec.com/nvd/cve-2023-24998
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2023-02-20 16:15 Modified: 2025-11-03 22:16
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2023-46589 |
High |
9.0.69 |
11.0.0-M11, 10.1.16, 9.0.83, 8.5.96 |
tomcat: HTTP request smuggling via malformed trailer headers
Vulnerability details: https://avd.aquasec.com/nvd/cve-2023-46589
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2023-11-28 16:15 Modified: 2025-08-07 11:15
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2024-34750 |
High |
9.0.69 |
11.0.0-M21, 10.1.25, 9.0.90 |
tomcat: Improper Handling of Exceptional Conditions
Vulnerability details: https://avd.aquasec.com/nvd/cve-2024-34750
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2024-07-03 20:15 Modified: 2025-11-03 20:16
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2024-50379 |
High |
9.0.69 |
11.0.2, 10.1.34, 9.0.98 |
tomcat: RCE due to TOCTOU issue in JSP compilation
Vulnerability details: https://avd.aquasec.com/nvd/cve-2024-50379
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2024-12-17 13:15 Modified: 2025-11-03 21:17
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2024-56337 |
High |
9.0.69 |
11.0.2, 10.1.34, 9.0.98 |
tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation
Vulnerability details: https://avd.aquasec.com/nvd/cve-2024-56337
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2024-12-20 16:15 Modified: 2025-11-03 21:17
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-48988 |
High |
9.0.69 |
11.0.8, 10.1.42, 9.0.106 |
tomcat: Apache Tomcat DoS in multipart upload
Vulnerability details: https://avd.aquasec.com/nvd/cve-2025-48988
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2025-06-16 15:15 Modified: 2025-11-03 20:19
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-48989 |
High |
9.0.69 |
11.0.10, 10.1.44, 9.0.108 |
tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames
Vulnerability details: https://avd.aquasec.com/nvd/cve-2025-48989
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2025-08-13 13:15 Modified: 2026-05-12 13:17
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-52520 |
High |
9.0.69 |
11.0.9, 10.1.43, 9.0.107 |
tomcat: Apache Tomcat denial of service
Vulnerability details: https://avd.aquasec.com/nvd/cve-2025-52520
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2025-07-10 19:15 Modified: 2025-11-04 22:16
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-53506 |
High |
9.0.69 |
9.0.107, 10.1.43, 11.0.9 |
tomcat: Apache Tomcat denial of service
Vulnerability details: https://avd.aquasec.com/nvd/cve-2025-53506
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2025-07-10 20:15 Modified: 2025-11-04 22:16
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-55752 |
High |
9.0.69 |
11.0.11, 10.1.45, 9.0.109 |
tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE
Vulnerability details: https://avd.aquasec.com/nvd/cve-2025-55752
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2025-10-27 18:15 Modified: 2026-05-12 13:17
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-24880 |
High |
9.0.69 |
9.0.116, 10.1.52, 11.0.20 |
Apache Tomcat: Apache Tomcat: HTTP Request/Response Smuggling via invalid chunk extension
Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-24880
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2026-04-09 20:16 Modified: 2026-04-14 20:02
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-34483 |
High |
9.0.69 |
9.0.116, 10.1.54, 11.0.21 |
Apache Tomcat: Apache Tomcat: Information disclosure due to improper encoding in JsonAccessLogValve
Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-34483
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2026-04-09 20:16 Modified: 2026-04-14 12:46
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-34487 |
High |
9.0.69 |
9.0.117, 10.1.54, 11.0.21 |
Apache Tomcat: Apache Tomcat: Information disclosure via sensitive data in log files
Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-34487
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2026-04-09 20:16 Modified: 2026-04-14 12:44
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-41284 |
High |
9.0.69 |
9.0.118, 10.1.55, 11.0.22 |
Allocation of Resources Without Limits or Throttling vulnerability in ...
Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-41284
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2026-05-12 16:16 Modified: 2026-05-14 18:59
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-42498 |
High |
9.0.69 |
9.0.118, 10.1.55, 11.0.22 |
Exposure of HTTP Authentication Header to unexpected hosts during WebS ...
Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-42498
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2026-05-12 16:16 Modified: 2026-05-14 18:51
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-43513 |
High |
9.0.69 |
9.0.118, 10.1.55, 11.0.22 |
Improper Handling of Case Sensitivity vulnerability in LockOutRealm in ...
Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-43513
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2026-05-12 16:16 Modified: 2026-05-15 15:53
|
| commons-beanutils:commons-beanutils |
CVE-2025-48734 |
High |
1.9.4 |
1.11.0 |
commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppress an enum's declaredClass property by default
Vulnerability details: https://avd.aquasec.com/nvd/cve-2025-48734
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2025-05-28 14:15 Modified: 2025-11-03 20:19
|
| org.postgresql:postgresql |
CVE-2026-42198 |
High |
42.3.8 |
42.7.11 |
jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication
Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-42198
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2026-04-29 16:16 Modified: 2026-05-01 12:51
|
| org.springframework.boot:spring-boot |
CVE-2025-22235 |
High |
2.7.6 |
3.3.11, 3.4.5 |
org.springframework.boot/spring-boot: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed
Vulnerability details: https://avd.aquasec.com/nvd/cve-2025-22235
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2025-04-28 08:15 Modified: 2026-04-15 00:35
|
| org.springframework.boot:spring-boot |
CVE-2026-40973 |
High |
2.7.6 |
4.0.6, 3.5.14 |
Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory
Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-40973
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2026-04-28 00:16 Modified: 2026-04-30 14:25
|
| org.springframework.boot:spring-boot-autoconfigure |
CVE-2023-20883 |
High |
2.7.6 |
3.0.7, 2.7.12, 2.6.15, 2.5.15 |
spring-boot: Spring Boot Welcome Page DoS Vulnerability
Vulnerability details: https://avd.aquasec.com/nvd/cve-2023-20883
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2023-05-26 17:15 Modified: 2025-01-16 15:15
|
| org.springframework:spring-core |
CVE-2025-41249 |
High |
5.3.24 |
6.2.11 |
org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability
Vulnerability details: https://avd.aquasec.com/nvd/cve-2025-41249
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2025-09-16 11:15 Modified: 2026-04-15 00:35
|
| org.springframework:spring-expression |
CVE-2023-20863 |
High |
5.3.24 |
6.0.8, 5.3.27, 5.2.24.RELEASE |
springframework: Spring Expression DoS Vulnerability
Vulnerability details: https://avd.aquasec.com/nvd/cve-2023-20863
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2023-04-13 20:15 Modified: 2025-02-07 17:15
|
| ch.qos.logback:logback-classic |
CVE-2023-6378 |
High |
1.2.11 |
1.3.12, 1.4.12, 1.2.13 |
logback: serialization vulnerability in logback receiver
Vulnerability details: https://avd.aquasec.com/nvd/cve-2023-6378
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2023-11-29 12:15 Modified: 2024-11-29 12:15
|
| org.springframework:spring-web |
CVE-2024-22243 |
High |
5.3.24 |
6.1.4, 6.0.17, 5.3.32 |
springframework: URL Parsing with Host Validation
Vulnerability details: https://avd.aquasec.com/nvd/cve-2024-22243
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2024-02-23 05:15 Modified: 2026-04-15 00:35
|
| org.springframework:spring-web |
CVE-2024-22259 |
High |
5.3.24 |
6.1.5, 6.0.18, 5.3.33 |
springframework: URL Parsing with Host Validation
Vulnerability details: https://avd.aquasec.com/nvd/cve-2024-22259
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2024-03-16 05:15 Modified: 2025-06-10 15:55
|
| org.springframework:spring-web |
CVE-2024-22262 |
High |
5.3.24 |
5.3.34, 6.0.19, 6.1.6 |
springframework: URL Parsing with Host Validation
Vulnerability details: https://avd.aquasec.com/nvd/cve-2024-22262
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2024-04-16 06:15 Modified: 2026-04-15 00:35
|
| ch.qos.logback:logback-core |
CVE-2023-6378 |
High |
1.2.11 |
1.3.12, 1.4.12, 1.2.13 |
logback: serialization vulnerability in logback receiver
Vulnerability details: https://avd.aquasec.com/nvd/cve-2023-6378
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2023-11-29 12:15 Modified: 2024-11-29 12:15
|
| org.springframework:spring-webmvc |
CVE-2024-38816 |
High |
5.3.24 |
6.1.13 |
spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource
Vulnerability details: https://avd.aquasec.com/nvd/cve-2024-38816
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2024-09-13 06:15 Modified: 2026-04-15 00:35
|
| org.springframework:spring-webmvc |
CVE-2024-38819 |
High |
5.3.24 |
6.1.14 |
org.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworks
Vulnerability details: https://avd.aquasec.com/nvd/cve-2024-38819
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2024-12-19 18:15 Modified: 2026-04-15 00:35
|
| org.yaml:snakeyaml |
CVE-2022-1471 |
High |
1.33 |
2.0 |
SnakeYaml: Constructor Deserialization Remote Code Execution
Vulnerability details: https://avd.aquasec.com/nvd/cve-2022-1471
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2022-12-01 11:15 Modified: 2025-06-18 09:15
|
| org.apache.tomcat.embed:tomcat-embed-websocket |
CVE-2024-23672 |
Medium |
9.0.69 |
11.0.0-M17, 10.1.19, 9.0.86, 8.5.99 |
Tomcat: WebSocket DoS with incomplete closing handshake
Vulnerability details: https://avd.aquasec.com/nvd/cve-2024-23672
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2024-03-13 16:15 Modified: 2025-08-07 12:15
|
| com.squareup.okio:okio |
CVE-2023-3635 |
Medium |
2.2.2 |
3.4.0, 1.17.6 |
okio: GzipSource class improper exception handling
Vulnerability details: https://avd.aquasec.com/nvd/cve-2023-3635
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2023-07-12 19:15 Modified: 2024-11-21 08:17
|
| ch.qos.logback:logback-core |
CVE-2024-12798 |
Medium |
1.2.11 |
1.5.13, 1.3.15 |
logback-core: arbitrary code execution via JaninoEventEvaluator
Vulnerability details: https://avd.aquasec.com/nvd/cve-2024-12798
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2024-12-19 16:15 Modified: 2026-04-15 00:35
|
| org.apache.commons:commons-lang3 |
CVE-2025-48924 |
Medium |
3.12.0 |
3.18.0 |
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
Vulnerability details: https://avd.aquasec.com/nvd/cve-2025-48924
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2025-07-11 15:15 Modified: 2025-11-04 22:16
|
| org.apache.shiro:shiro-spring |
CVE-2026-23903 |
Medium |
1.13.0 |
2.1.0 |
org.apache.shiro/shiro-web: Apache Shiro: Auth bypass when accessing static files only on case-insensitive filesystems
Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-23903
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2026-02-09 10:15 Modified: 2026-02-11 18:30
|
| com.fasterxml.jackson.core:jackson-core |
GHSA-72hv-8253-57qq |
Medium |
2.13.4 |
2.21.1, 2.18.6 |
jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition
Vulnerability details: https://github.com/advisories/GHSA-72hv-8253-57qq
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2026-02-28 02:01 Modified: 2026-04-07 16:30
|
| org.springframework:spring-context |
CVE-2024-38820 |
Medium |
5.3.24 |
6.1.14 |
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder ...
Vulnerability details: https://avd.aquasec.com/nvd/cve-2024-38820
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2024-10-18 06:15 Modified: 2024-11-29 12:15
|
| ch.qos.logback:logback-core |
CVE-2025-11226 |
Medium |
1.2.11 |
1.5.19, 1.3.16 |
ch.qos.logback/logback-core: Conditional arbitrary code execution in logback-core
Vulnerability details: https://avd.aquasec.com/nvd/cve-2025-11226
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2025-10-01 08:15 Modified: 2026-04-15 00:35
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2023-41080 |
Medium |
9.0.69 |
8.5.93, 9.0.80, 10.1.13, 11.0.0-M11 |
tomcat: Open Redirect vulnerability in FORM authentication
Vulnerability details: https://avd.aquasec.com/nvd/cve-2023-41080
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2023-08-25 21:15 Modified: 2025-08-07 11:15
|
| org.springframework:spring-expression |
CVE-2023-20861 |
Medium |
5.3.24 |
6.0.7, 5.3.26, 5.2.23.RELEASE |
springframework: Spring Expression DoS Vulnerability
Vulnerability details: https://avd.aquasec.com/nvd/cve-2023-20861
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2023-03-23 21:15 Modified: 2025-02-25 16:15
|
| org.springframework:spring-expression |
CVE-2024-38808 |
Medium |
5.3.24 |
5.3.39 |
spring-expression: Denial of service when processing a specially crafted Spring Expression Language expression
Vulnerability details: https://avd.aquasec.com/nvd/cve-2024-38808
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2024-08-20 08:15 Modified: 2025-06-18 12:10
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2023-42795 |
Medium |
9.0.69 |
11.0.0-M12, 10.1.14, 9.0.81, 8.5.94 |
tomcat: improper cleaning of recycled objects could lead to information leak
Vulnerability details: https://avd.aquasec.com/nvd/cve-2023-42795
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2023-10-10 18:15 Modified: 2025-08-07 11:15
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2023-44487 |
Medium |
9.0.69 |
11.0.0-M12, 10.1.14, 9.0.81, 8.5.94 |
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
Vulnerability details: https://avd.aquasec.com/nvd/cve-2023-44487
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2023-10-10 14:15 Modified: 2026-05-12 15:10
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2023-45648 |
Medium |
9.0.69 |
11.0.0-M12, 10.1.14, 9.0.81, 8.5.94 |
tomcat: incorrectly parsed http trailer headers can cause request smuggling
Vulnerability details: https://avd.aquasec.com/nvd/cve-2023-45648
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2023-10-10 19:15 Modified: 2025-08-07 11:15
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2024-24549 |
Medium |
9.0.69 |
8.5.99, 9.0.86, 10.1.19, 11.0.0-M17 |
Tomcat: HTTP/2 header handling DoS
Vulnerability details: https://avd.aquasec.com/nvd/cve-2024-24549
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2024-03-13 16:15 Modified: 2025-10-29 12:15
|
| org.springframework:spring-web |
CVE-2024-38809 |
Medium |
5.3.24 |
5.3.38, 6.0.23, 6.1.12 |
org.springframework:spring-web: Spring Framework DoS via conditional HTTP request
Vulnerability details: https://avd.aquasec.com/nvd/cve-2024-38809
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2024-09-27 17:15 Modified: 2026-04-15 00:35
|
| org.springframework:spring-web |
CVE-2024-38820 |
Medium |
5.3.24 |
6.1.14 |
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder ...
Vulnerability details: https://avd.aquasec.com/nvd/cve-2024-38820
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2024-10-18 06:15 Modified: 2024-11-29 12:15
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-49124 |
Medium |
9.0.69 |
11.0.8, 10.1.42, 9.0.106 |
Apache Tomcat installer for Windows has an untrusted search path vulnerability
Vulnerability details: https://avd.aquasec.com/nvd/cve-2025-49124
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2025-06-16 15:15 Modified: 2025-10-29 12:15
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-49125 |
Medium |
9.0.69 |
11.0.8, 10.1.42, 9.0.106 |
tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources
Vulnerability details: https://avd.aquasec.com/nvd/cve-2025-49125
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2025-06-16 15:15 Modified: 2025-11-03 20:19
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-66614 |
Medium |
9.0.69 |
11.0.15, 10.1.50, 9.0.113 |
tomcat: Client certificate verification bypass due to virtual host mapping
Vulnerability details: https://avd.aquasec.com/nvd/cve-2025-66614
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2026-02-17 19:21 Modified: 2026-03-11 16:16
|
| org.springframework:spring-webmvc |
CVE-2024-38828 |
Medium |
5.3.24 |
5.3.42 |
org.springframework:spring-webmvc: DoS via Spring MVC controller method with byte[] parameter
Vulnerability details: https://avd.aquasec.com/nvd/cve-2024-38828
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2024-11-18 04:15 Modified: 2026-04-15 00:35
|
| org.springframework:spring-webmvc |
CVE-2025-41242 |
Medium |
5.3.24 |
6.2.10 |
org.springframework/spring-webmvc: Spring Framework MVC path traversal vulnerability
Vulnerability details: https://avd.aquasec.com/nvd/cve-2025-41242
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2025-08-18 09:15 Modified: 2026-04-15 00:35
|
| org.springframework:spring-webmvc |
CVE-2026-22737 |
Medium |
5.3.24 |
7.0.6, 6.2.17 |
Spring Framework: Spring Framework: Information disclosure via Java scripting engine enabled template views
Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-22737
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2026-03-20 00:16 Modified: 2026-04-23 14:20
|
| org.springframework:spring-webmvc |
CVE-2026-22745 |
Medium |
5.3.24 |
7.0.7, 6.2.18 |
spring-webflux: Spring MVC and Spring WebFlux: Denial of Service via slow static resource resolution on Windows
Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-22745
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2026-04-29 12:16 Modified: 2026-05-04 14:50
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-25854 |
Medium |
9.0.69 |
9.0.116, 10.1.53, 11.0.20 |
Apache Tomcat: Apache Tomcat: Open Redirect vulnerability via LoadBalancerDrainingValve
Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-25854
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2026-04-09 20:16 Modified: 2026-04-14 14:01
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-43514 |
Low |
9.0.69 |
9.0.118, 10.1.55, 11.0.22 |
Observable Timing Discrepancy vulnerability when comparing AJP secret i ...
Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-43514
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2026-05-12 16:16 Modified: 2026-05-14 18:46
|
| ch.qos.logback:logback-core |
CVE-2024-12801 |
Low |
1.2.11 |
1.5.13, 1.3.15 |
logback-core: SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks
Vulnerability details: https://avd.aquasec.com/nvd/cve-2024-12801
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2024-12-19 17:15 Modified: 2026-04-15 00:35
|
| ch.qos.logback:logback-core |
CVE-2026-1225 |
Low |
1.2.11 |
1.5.25 |
ch.qos.logback/logback-core: Malicious logback.xml configuration file allows instantiation of arbitrary classes
Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-1225
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2026-01-22 10:16 Modified: 2026-04-15 00:35
|
| org.apache.shiro:shiro-core |
CVE-2026-23901 |
Low |
1.13.0 |
2.1.0 |
org.apache.shiro/shiro-core: Apache Shiro: Brute force attack possible to determine valid user names
Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-23901
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2026-02-10 10:15 Modified: 2026-02-12 15:30
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-46701 |
Low |
9.0.69 |
9.0.105, 10.1.41, 11.0.7 |
tomcat: Apache Tomcat: Security constraint bypass for CGI scripts
Vulnerability details: https://avd.aquasec.com/nvd/cve-2025-46701
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2025-05-29 19:15 Modified: 2025-11-03 20:19
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-55754 |
Low |
9.0.69 |
11.0.11, 10.1.45, 9.0.109 |
org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation
Vulnerability details: https://avd.aquasec.com/nvd/cve-2025-55754
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2025-10-27 18:15 Modified: 2026-05-12 13:17
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2025-61795 |
Low |
9.0.69 |
11.0.12, 10.1.47, 9.0.110 |
tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service
Vulnerability details: https://avd.aquasec.com/nvd/cve-2025-61795
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2025-10-27 18:15 Modified: 2026-05-12 13:17
|
| org.apache.tomcat.embed:tomcat-embed-core |
CVE-2026-24733 |
Low |
9.0.69 |
11.0.15, 10.1.50, 9.0.113 |
tomcat: security constraint bypass with HTTP/0.9
Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-24733
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2026-02-17 19:21 Modified: 2026-03-11 16:16
|
| org.springframework:spring-webmvc |
CVE-2026-22735 |
Low |
5.3.24 |
7.0.6, 6.2.17 |
org.springframework/spring-webmvc: org.springframework/spring-webflux: Spring MVC and WebFlux: Stream corruption vulnerability when using Server-Sent Events
Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-22735
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2026-03-20 00:16 Modified: 2026-04-23 14:21
|
| org.springframework:spring-webmvc |
CVE-2026-22741 |
Low |
5.3.24 |
7.0.7, 6.2.18 |
Spring MVC: Spring WebFlux: Spring MVC and Spring WebFlux: Denial of Service via cache poisoning
Vulnerability details: https://avd.aquasec.com/nvd/cve-2026-22741
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2026-04-29 12:16 Modified: 2026-05-04 14:51
|
| org.springframework:spring-context |
CVE-2025-22233 |
Low |
5.3.24 |
6.2.7, 6.1.20 |
CVE-2024-38820 ensured Locale-independent, lowercase conversion for bo ...
Vulnerability details: https://avd.aquasec.com/nvd/cve-2025-22233
Image layer: sha256:52914367fb31ca4ef3d5bae68488bde2c6e41c60135687face10dc05a22c1777
Published: 2025-05-16 20:15 Modified: 2026-04-15 00:35
|