| CVE-2017-4995 | high | 8.1 | 8.1 | 9y ago | Deserialization of Untrusted Data in Spring Security |
| CVE-2016-5007 | high | 7.5 | 7.5 | 9y ago | Spring Security and Spring Framework may not recognize certain paths that should be protected |
| CVE-2016-9879 | high | 7.5 | 7.5 | 10y ago | Security Constraint Bypass in Spring Security |
| CVE-2014-0097 | high | 7.3 | 7.3 | 9y ago | Improper Authentication in Spring Security |
| CVE-2011-2894 | medium | — | 6.8 | 15y ago | Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data |
| CVE-2011-2731 | medium | — | 5.1 | 14y ago | Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security |
| CVE-2012-5055 | medium | — | 5.0 | 14y ago | Exposure of Sensitive Information to an Unauthorized Actor in Spring Security |
| CVE-2010-3700 | medium | — | 5.0 | 16y ago | Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security |
| CVE-2026-22751 | medium | 4.8 | 4.8 | 1mo ago | Spring Security Core has a TOCTOU race condition when One-Time Token login with JdbcOneTimeTokenService is configured |
| CVE-2011-2732 | medium | — | 4.3 | 14y ago | Improper Control of Generation of Code in Spring Security |