Advanced Threat Data Export
Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.
Data export is locked. Upgrade your package to enable filtering and downloading.
π Premium Features
π Filter Threats
| Title | Severity | PoC | Actively Exploited | Source | Date |
|---|---|---|---|---|---|
| CVE-2026-41849 An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language (SpEL). An attacker can exploit this by supplying a... | HIGH | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41848 Applications may be vulnerable to a Regular Expression Denial of Service (ReDoS) attack if an attacker is able to provide a pattern which is then dire... | LOW | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41847 Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL.
Affected versions:
Spring Framework 5.3.0 throug... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41846 Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41845 Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape() may lead to JavaScript code injection in the browser, potentially resulting i... | HIGH | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41844 A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not explicitly specified allows an at... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41843 Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources.
Affected versions:
Spring Framework 7.0... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41842 Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static resources.
Affected versions:
Spring Fram... | HIGH | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41841 Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources.
Affected versions:
Spring Frame... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41840 Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests.
Affected versions:
Spring Framework... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41839 A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) is vulnerable to an escalation attack exc... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41838 IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination wit... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41720 Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or... | HIGH | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41715 In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41710 An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. ... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41007 Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attacker-supplied strings.
Affected versions:
Spring HATE... | HIGH | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41006 Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JSON and UBER media type deserializers, perform... | HIGH | ????? | ????? | NVD | 3 days ago |
| CVE-2026-40984 In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
Affected vers... | HIGH | ????? | ????? | NVD | 3 days ago |
| CVE-2026-40983 In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service (DoS) condition.
Affected vers... | HIGH | ????? | ????? | NVD | 3 days ago |
| CVE-2026-11603 The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'args[filterFormArray]' Par... | MEDIUM | ????? | ????? | NVD | 3 days ago |