CVE-2025-22235 - Medium - CVE-2025-22235: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed
CVE-2025-22234 - Medium - CVE-2025-22234: Spring Security BCryptPasswordEncoder maximum password length breaks timing attack mitigation
CVE-2025-22232 - Medium - CVE-2025-22232: Spring Cloud Config Server May Not Use Vault Token Sent By Clients
CVE-2025-22223 - Medium - CVE-2025-22223: Spring Security authorization bypass for method security annotations on parameterized types
CVE-2025-22228 - High - CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length
CVE-2024-38829 - Low - CVE-2024-38829: Spring LDAP Spring LDAP sensitive data exposure for case-sensitive comparisons
CVE-2024-38827 - Medium - CVE-2024-38827: Spring Security Authorization Bypass for Case Sensitive Comparisons
CVE-2024-38819 - High - CVE-2024-38819: Path traversal vulnerability in functional web frameworks (2nd report)