Every CVE whose affected-product data names Vmware Spring Hateoas, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2026-41006 — CVSS 7.5 (high): Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JSON and UBER media type deserializers…
CVE-2026-41007 — CVSS 7.5 (high): Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attacker-supplied strings. Affected versions…
CVE-2023-34036 — CVSS 5.3 (medium): Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if…