Recent Advisories

Columns: Severity (with score) | ID | Vendor | Product | Date | Type, followed by the advisory title and its summary (summaries are truncated on this page).

MEDIUM 6.5 | CVE-2026-41726 | Spring | Spring for Apache Kafka | 4.0.0 | CVE
Title: In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header
Summary: When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random s...

MEDIUM 5.9 | CVE-2026-41721 | Spring | Spring Data Commons | 4.0.0 | CVE
Title: Spring Data Commons Denial of Service via Data Binding
Summary: Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunct...

MEDIUM 6.4 | CVE-2026-41719 | Spring | Spring Data KeyValue | 4.0.0 | CVE
Title: Spring Data KeyValue – SpEL Injection vulnerability in SpelPropertyComparator
Summary: A SpEL Injection vulnerability exists in Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that d...

MEDIUM 4.0 | CVE-2026-41714 | Spring | Spring AMQP | 4.0.0 | CVE
Title: In Spring AMQP the RabbitConnectionFactoryBean.setUri("amqps://…") bypasses secure SSL setup, uses TrustEverythingTrustManager
Summary: Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri("amqps://...") without also calling setUseSSL(true) get ...

MEDIUM 5.9 | CVE-2026-41711 | Spring | Spring Data Commons | 4.0.0 | CVE
Title: Potential Denial of Service through crafted Sort Parameters
Summary: Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort ...

MEDIUM 6.1 | CVE-2026-41706 | Spring | Spring Security | 5.7.0 | CVE
Title: Open Redirect When Using CookieRequestCache
Summary: Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be...

MEDIUM 4.4 | CVE-2026-41701 | Spring | Spring AMQP | 4.0.0 | CVE
Title: In Spring AMQP sequential correlation IDs enable reply poisoning on fixed reply queues
Summary: Correlation IDs for replies in RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable because they come from an internal simple counter. Affe...

MEDIUM 4.8 | CVE-2026-41697 | Spring | Spring Data Relational | 4.0.0 | CVE
Title: Spring Data Relational Parameter not Escaped for Query By Example LIKE Pattern
Summary: Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher (STARTING, ENDING, or CONTAI...

MEDIUM 5.9 | CVE-2026-41696 | Spring | Spring Data MongoDB | 5.0.0 | CVE
Title: Spring Data MongoDB Bind Parameter Literal Quoting Breakout
Summary: Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound pa...

MEDIUM 6.1 | CVE-2026-41008 | Spring | Spring Security | 7.0.0 | CVE
Title: Spring Security Authorization Server Open Redirect via request_uri
Summary: Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter. An attacker can craft ...