• 朋友圈,提供博客收录、文章聚合展示等功能,欢迎来这里发现有趣的博客并尝试与博主成为朋友!如果你拥有一个独立博客,就赶快申请加入吧,逾 1 位博友正在等你哦!

CVE-2025-22235 - Medium - CVE-2025-22235: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed

CVE-2025-22234 - Medium - CVE-2025-22234: Spring Security BCryptPasswordEncoder maximum password length breaks timing attack mitigation

CVE-2025-22232 - Medium - CVE-2025-22232: Spring Cloud Config Server May Not Use Vault Token Sent By Clients

CVE-2025-22223 - Medium - CVE-2025-22223: Spring Security authorization bypass for method security annotations on parameterized types

CVE-2025-22228 - High - CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length

CVE-2024-38829 - Low - CVE-2024-38829: Spring LDAP Spring LDAP sensitive data exposure for case-sensitive comparisons

CVE-2024-38827 - Medium - CVE-2024-38827: Spring Security Authorization Bypass for Case Sensitive Comparisons

CVE-2024-38821 - Medium - Authorization Bypass of Static Resources in WebFlux Applications

CVE-2024-38820 - Low - CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception

CVE-2024-38819 - High - CVE-2024-38819: Path traversal vulnerability in functional web frameworks (2nd report)