Security Intel Hub 29072+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

CVSS 5.3
Spring Web Services SOAP Account Enumeration Vulnerability (CVE-2026-40997)
spring.io · 2026-06-13

### Vulnerability Overview - **CVE ID**: CVE-2026-40997 - **Release Date**: June 10, 2026 - **Severity**: Medium - **Description**: A SOAP security vulnerability in the Spring Web Services integration…

CVSS 8.2
Spring WebServices XXE Vulnerability (CVE-2026-40998) Advisory and Patch
spring.io · 2026-06-13

### Vulnerability Overview - **CVE ID**: CVE-2026-40998 - **Vulnerability Name**: Jaxp13 XPath XXE via StreamSource and SAXSource - **Publication Date**: June 10, 2026 - **Severity**: High **Descripti…

CVSS 8.6
CVE-2026-40999: Spring WS SSRF via unvalidated WS-Addressing
spring.io · 2026-06-13

# CVE-2026-40999: Spring WS SSRF via unvalidated WS-Addressing reply destinations ## Vulnerability Overview When WS-Addressing is used with anonymous `ReplyTo` or `FaultTo` addresses, Spring WS may in…

CVSS 3.7
CVE-2026-41000 Spring Web Services WSS4J Replay Cache Bypass Vulnerability
spring.io · 2026-06-13

### Vulnerability Overview - **Vulnerability ID**: CVE-2026-41000 - **Vulnerability Name**: WSS4J validation does not use configured replay cache - **Description**: `Wss4jSecurityInterceptor` fails to…

CVSS 7.6
CVE-2026-41003: Unencoded HTML Outputs in Spring Security XSS Vulnerability Advisory
spring.io · 2026-06-13

# CVE-2026-41003: Unencoded HTML Outputs in Spring Security May Allow Cross-Site Scripting ## Vulnerability Overview - **Vulnerability ID**: CVE-2026-41003 - **Publication Date**: June 9, 2026 - **Sev…

CVSS 5.3
CVE-2026-41001: Spring Boot Artemis Predictable Temp Directory Leading to Data Hijacking and RCE
spring.io · 2026-06-13

# CVE-2026-41001: Predictable Temp Directory in Artemis Auto-configuration ## Vulnerability Overview When no explicit path is configured, `ArtemisEmbeddedConfigurationFactory` in Spring Boot uses a fi…

CVSS 7.5
Spring HATEOAS Collection+JSON/UBER Deserialization Bypasses Jackson Access Control (CVE-2026-41006)
spring.io · 2026-06-13

### Vulnerability Overview - **CVE ID**: CVE-2026-41006 - **Vulnerability Name**: Spring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configuration - **Severity**: HIGH - **Publicat…

CVSS 7.5
CVE-2026-41007: Spring HATEOAS Unbounded Caching Heap Exhaustion
spring.io · 2026-06-13

# CVE-2026-41007: Spring HATEOAS heap exhaustion through unbounded internal caching ## Vulnerability Overview Spring HATEOAS maintains an unbounded static cache to store `StringLinkRelation` instances…

CVSS 7.5
Spring Data Commons DoS Vulnerability (CVE-2026-41695) Advisory
spring.io · 2026-06-13

### Vulnerability Overview **CVE-2026-41695: Denial of Service Vulnerability in Spring Data Commons Property Path Resolution** - **Description**: Spring Data Commons applications may suffer from denia…

CVSS 3.7
CVE-2026-41694: Spring Security SAML Decryption Without Valid Signature
spring.io · 2026-06-13

# CVE-2026-41694: SAML Payloads Decrypted Without Valid Signature ## Vulnerability Overview Spring Security SAML does not require a valid signature when decrypting SAML responses as well as the elemen…

CVSS 4.8
Spring Data Relational QBE Parameter Injection Vulnerability (CVE-2026-41697)
spring.io · 2026-06-13

### Vulnerability Overview **CVE-2026-41697**: Improper parameter escaping in Spring Data Relational may lead to security issues when using `StringMatcher` (STARTING, ENDING, or CONTAINING) in Queries…

CVSS 5.9
Spring Data MongoDB CVE-2026-41696 Parameter Injection Vulnerability Advisory
spring.io · 2026-06-13

# CVE-2026-41696: Spring Data MongoDB Bind Parameter Literal Quoting Breakout ## Vulnerability Overview In Spring Data MongoDB, when using regular expression parameter binding in the `@Query` annotati…

CVSS 6.1
Spring Security CookieRequestCache Open Redirect Vulnerability (CVE-2026-41706)
spring.io · 2026-06-13

# CVE-2026-41706: Open Redirect Vulnerability When Using CookieRequestCache ## Vulnerability Overview Spring Security's `CookieRequestCache` and `CookieServerRequestCache` store pre-authentication req…

CVSS 5.9
Spring Data Commons DoS Vulnerability Advisory (CVE-2026-41711)
spring.io · 2026-06-13

### Vulnerability Overview - **CVE ID**: CVE-2026-41711 - **Publication Date**: June 9, 2026 - **Severity**: Medium - **Description**: Applications using Spring Data Commons may be susceptible to a De…

CVSS 6.1
CVE-2026-41715: Reactor Netty HTTP Client Credential Leakage Vulnerability
spring.io · 2026-06-13

### Vulnerability Overview - **CVE ID**: CVE-2026-41715 - **Vulnerability Name**: Reactor Netty HTTP Client Leaks Credentials on Protocol Downgrade Redirection - **Description**: In certain scenarios …

CVSS 8.1
CVE-2026-41717: Spring Data MongoDB SpEL Injection Vulnerability Advisory
spring.io · 2026-06-13

### Vulnerability Overview - **Vulnerability ID**: CVE-2026-41717 - **Vulnerability Name**: Spring Data MongoDB - SpEL Expression Injection via Annotated Query Parameter Binding - **Severity**: HIGH -…

CVSS 6.4
CVE-2026-41719: Spring Data KeyValue SpEL Injection Vulnerability Advisory
spring.io · 2026-06-13

# CVE-2026-41719: Spring Data KeyValue - SpEL Injection vulnerability in SpelPropertyComparator ## Vulnerability Overview A SpEL injection vulnerability exists in Spring Data KeyValue. This vulnerabil…

CVSS 7.4
Spring LDAP CVE-2026-41720 Authentication Bypass Vulnerability Advisory
spring.io · 2026-06-13

### Vulnerability Overview - **Vulnerability Name**: CVE-2026-41720 - **Vulnerability Description**: The `DirContextAuthenticationStrategy` implementation in Spring LDAP does not reject bind requests …

CVSS 5.9
Spring Data Commons CVE-2026-41721: Denial of Service via Data Binding
spring.io · 2026-06-13

# CVE-2026-41721: Spring Data Commons Denial of Service via Data Binding ## Vulnerability Overview A vulnerability exists in Spring Data Commons where, when Spring Data Web Support is used in conjunct…

CVSS 6.5
CVE-2026-41726: Spring for Apache Kafka Deserialization DoS Vulnerability Advisory
spring.io · 2026-06-13

# CVE-2026-41726: Spring for Apache Kafka Vulnerability Summary ## Vulnerability Overview - **Vulnerability ID**: CVE-2026-41726 - **Release Date**: 2026-06-09 - **Severity**: Medium - **Description**…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
