Advanced Threat Data Export
Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.
Data export is locked. Upgrade your package to enable filtering and downloading.
🔔 Premium Features
🔍 Filter Threats
| Title | Severity | PoC | Actively Exploited | Source | Date |
|---|---|---|---|---|---|
| CVE-2026-41853 Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41852 A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or ... | LOW | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41851 Applications which accept user-supplied Spring Expression Language (SpEL) expressions may be vulnerable to a Denial of Service (DoS) attack if the eva... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41850 Applications that evaluate user-supplied Spring Expression Language (SpEL) expressions are vulnerable to an Algorithmic Denial of Service (DoS). By pr... | HIGH | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41849 An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language (SpEL). An attacker can exploit this by supplying a... | HIGH | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41848 Applications may be vulnerable to a Regular Expression Denial of Service (ReDoS) attack if an attacker is able to provide a pattern which is then dire... | LOW | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41847 Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL.
Affected versions:
Spring Framework 5.3.0 throug... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41846 Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41845 Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape() may lead to JavaScript code injection in the browser, potentially resulting i... | HIGH | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41844 A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not explicitly specified allows an at... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41843 Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources.
Affected versions:
Spring Framework 7.0... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41842 Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static resources.
Affected versions:
Spring Fram... | HIGH | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41841 Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources.
Affected versions:
Spring Frame... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41840 Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests.
Affected versions:
Spring Framework... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41839 A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) is vulnerable to an escalation attack exc... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41838 IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination wit... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41720 Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or... | HIGH | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41715 In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41710 An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. ... | MEDIUM | ????? | ????? | NVD | 3 days ago |
| CVE-2026-41007 Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attacker-supplied strings.
Affected versions:
Spring HATE... | HIGH | ????? | ????? | NVD | 3 days ago |