Vulnerability Directory

If you’re currently using these frameworks in your application’s tech stack, your application could be vulnerable.

Secure drop-in replacements for open source software from HeroDevs helps you stay secure, compliant, and compatible while you migrate.

Switch to Never-Ending Support (NES) from HeroDevs to immediately mitigate these vulnerabilities.

Talk to Our Experts
Get Pricing
Codey gradient
Filter by Severity
Filter by Technology
Filter by Category
Filtering by:
Severity
=
Text for Severity
Close icon
Clear Filters
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
High
Open in new tab icon
CVE-2026-44573
Apache Tomcat
Next.js
Broken Access
>=12.2.0 <15.5.16, >=16.0.0 <16.2.5
May 18, 2026
Low
Open in new tab icon
CVE-2026-44572
Apache Tomcat
Next.js
Cache Poisoning
>=12.2.0 <15.5.16, >=16.0.0 <16.2.5
May 18, 2026
Low
Open in new tab icon
CVE-2026-41284
Apache Tomcat
Apache Tomcat
Denial of Service
>=8.5.0 <=8.5.100, >=9.0.0.M1 <=9.0.117, >=10.1.0-M1 <=10.1.54, >=11.0.0-M1 <=11.0.21
May 18, 2026
Low
Open in new tab icon
CVE-2026-42498
Apache Tomcat
Apache Tomcat
Content Spoofing
>=8.5.0 <=8.5.100, >=9.0.2 <=9.0.117, >=10.1.0-M1 <=10.1.54, >=11.0.0-M1 <=11.0.21
May 18, 2026
Low
Open in new tab icon
CVE-2026-41293
Apache Tomcat
Apache Tomcat
Content Spoofing
>=8.5.0 <=8.5.100, >=9.0.0.M1 <=9.0.117, >=10.1.0-M1 <=10.1.54, >=11.0.0-M1 <=11.0.21
May 18, 2026
Low
Open in new tab icon
CVE-2026-43513
Apache Tomcat
Apache Tomcat
Content Spoofing
>=8.5.0 <=8.5.100, >=9.0.0.M1 <=9.0.117, >=10.1.0-M1 <=10.1.54, >=11.0.0-M1 <=11.0.21
May 18, 2026
Low
Open in new tab icon
CVE-2026-43514
Apache Tomcat
Apache Tomcat
Content Spoofing
>=8.5.0 <=8.5.100, >=9.0.0.M1 <=9.0.117, >=10.1.0-M1 <=10.1.54, >=11.0.0-M1 <=11.0.21
May 18, 2026
Medium
Open in new tab icon
CVE-2026-43515
Apache Tomcat
Apache Tomcat
Incorrectly Configured Access Control
>=8.5.0 <=8.5.100, >=9.0.0.M1 <=9.0.117, >=10.1.0-M1 <=10.1.54, >=11.0.0-M1 <=11.0.21
May 18, 2026
High
Open in new tab icon
CVE-2026-42945
Ingress NGINX
NGINX (ngx_http_rewrite_module); reaches Ingress NGINX Controller via the NGINX C source compiled into the controller binary
Heap-based Buffer Overflow
NGINX OSS 0.6.27 through 1.30.0; NGINX Plus R32 through R36; Ingress NGINX Controller builds that compile against those versions (including upstream v1.15.1)
May 18, 2026
Medium
Open in new tab icon
CVE-2026-40989
Spring
Spring Cloud Function
Denial of Service
<3.2.16, >=4.0.0 <=4.2.5, >=4.3.0 <=4.3.2, >=5.0.0 <=5.0.1
May 12, 2026
Medium
Open in new tab icon
CVE-2026-40990
Spring
Spring Cloud Function
Denial of Service
<3.2.16, >=4.0.0 <=4.2.5, >=4.3.0 <=4.3.2, >=5.0.0 <=5.0.1
May 12, 2026
Medium
Open in new tab icon
CVE-2026-41004
Spring
Spring Cloud Config
Information Exposure
>=1.3.0 <=3.1.13, >=4.1.0 <=4.1.9, >=4.2.0 <=4.2.6, >=4.3.0 <=4.3.2, >=5.0.0 <=5.0.2
May 7, 2026
High
Open in new tab icon
CVE-2026-41002
Spring
Spring Cloud Config
Path Traversal
>=1.0.0 <=3.1.13, >=4.1.0 <=4.1.9, >=4.2.0 <=4.2.6, >=4.3.0 <=4.3.2, >=5.0.0 <=5.0.2
May 7, 2026
High
Open in new tab icon
CVE-2026-40981
Spring
Spring Cloud Config
Information Exposure
>=3.1.0 <=3.1.13, >=4.1.0 <=4.1.9, >=4.2.0 <=4.2.6, >=4.3.0 <=4.3.2, >=5.0.0 <=5.0.2
May 7, 2026
Critical
Open in new tab icon
CVE-2026-40982
Spring
Spring Cloud Config
Path Traversal
>=1.0.0 <=3.1.13, >=4.1.0 <=4.1.9, >=4.2.0 <=4.2.6, >=4.3.0 <=4.3.2, >=5.0.0 <=5.0.2
May 7, 2026
Exclamation icon
No results found

Please enter a valid Vulnerability ID number or Technology name.

Sign up for the latest vulnerability alerts
Rss feed icon
Subscribe via RSS
or
Thanks for signing up for our Newsletter! We look forward to connecting with you.
Oops! Something went wrong while submitting the form.