| 581 | 7.5 | HIGH | Network | - | - | In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service (DoS) condition. Affected versions: Micrometer 1.16.0 through 1.16.5; 1.15.0 th… | New | CWE-400 Uncontrolled Resource Consumption | CVE-2026-40983 | 2026-06-9 22:49 | 2026-06-9 |
| 582 | 7.5 | HIGH | Network | - | - | In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Affected versions: micrometer-core 1.16.0 through 1.16.5; 1.15… | New | CWE-400 Uncontrolled Resource Consumption | CVE-2026-40984 | 2026-06-9 22:49 | 2026-06-9 |
| 583 | 7.5 | HIGH | Network | - | - | Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JSON and UBER media type deserializers, performs bean property binding via reflection without consult… | New | CWE-284 Improper Access Control | CVE-2026-41006 | 2026-06-9 22:49 | 2026-06-9 |
| 584 | 7.5 | HIGH | Network | - | - | Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attacker-supplied strings. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3.0 through 2.3.4; 2.4… | New | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-41007 | 2026-06-9 22:49 | 2026-06-9 |
| 585 | 5.9 | MEDIUM | Network | - | - | An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects an… | New | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-41710 | 2026-06-9 22:49 | 2026-06-9 |
| 586 | 6.1 | MEDIUM | Network | - | - | In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been e… | New | CWE-522 Insufficiently Protected Credentials | CVE-2026-41715 | 2026-06-9 22:49 | 2026-06-9 |
| 587 | 7.4 | HIGH | Network | - | - | Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. Affected versions: Spring LDAP 2.4.0 … | New | CWE-287 Improper Authentication | CVE-2026-41720 | 2026-06-9 22:49 | 2026-06-9 |
| 588 | 4.8 | MEDIUM | Network | - | - | IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versi… | New | CWE-330 Use of Insufficiently Random Values | CVE-2026-41838 | 2026-06-9 22:49 | 2026-06-9 |
| 589 | 4.2 | MEDIUM | Network | - | - | A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) is vulnerable to an escalation attack exchanging a known session ID for that of an authent… | New | CWE-384 Session Fixation | CVE-2026-41839 | 2026-06-9 22:49 | 2026-06-9 |
| 590 | 5.9 | MEDIUM | Network | - | - | Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0… | New | CWE-400 Uncontrolled Resource Consumption | CVE-2026-41840 | 2026-06-9 22:49 | 2026-06-9 |