CVE-2025-41235 - High - CVE-2025-41235: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies
CVE-2025-41232 - Medium - CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods
CVE-2025-22233 - Low - CVE-2025-22233: Spring Framework DataBinder Case Sensitive Match Exception (2nd update)
CVE-2025-22235 - Medium - CVE-2025-22235: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed
CVE-2025-22234 - Medium - CVE-2025-22234: Spring Security BCryptPasswordEncoder maximum password length breaks timing attack mitigation
CVE-2025-22232 - Medium - CVE-2025-22232: Spring Cloud Config Server May Not Use Vault Token Sent By Clients
CVE-2025-22223 - Medium - CVE-2025-22223: Spring Security authorization bypass for method security annotations on parameterized types
CVE-2025-22228 - High - CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length
CVE-2024-38829 - Low - CVE-2024-38829: Spring LDAP Spring LDAP sensitive data exposure for case-sensitive comparisons
CVE-2024-38827 - Medium - CVE-2024-38827: Spring Security Authorization Bypass for Case Sensitive Comparisons