High
CVSS: 7.5
Yayın: 2026-04-22 06:16:04
Vulnerability in Spring Spring Security. If an application uses to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead to an authorization b…
High
CVSS: 7.5
Yayın: 2026-04-22 06:16:04
Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components w…
Medium
CVSS: 5.3
Yayın: 2026-04-22 06:16:04
Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator separately, for example by calling setJwtValidator.This issue affects S…
Medium
CVSS: 6.8
Yayın: 2026-04-22 06:16:03
Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can l…
Low
CVSS: 3.7
Yayın: 2026-04-22 06:16:02
Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can…
Medium
CVSS: 5.1
Yayın: 2026-04-22 05:16:23
DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows an attacker to execute arbitrary script in a user's browser, and inject malicious HTML into web pages viewed by the user.
Medium
CVSS: 5.1
Yayın: 2026-04-22 04:16:09
The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML documents, which may result in a XSS-like effect.
High
CVSS: 7.1
Yayın: 2026-04-22 04:16:09
The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method.
High
CVSS: 7.1
Yayın: 2026-04-22 04:16:07
The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
Low
CVSS: 2.7
Yayın: 2026-04-22 03:16:01
Tanium addressed an uncontrolled resource consumption vulnerability in Interact.
Low
CVSS: 2.7
Yayın: 2026-04-22 03:16:01
Tanium addressed an information disclosure vulnerability in Tanium Server.
Low
CVSS: 2.7
Yayın: 2026-04-22 03:16:01
Tanium addressed an information disclosure vulnerability in Threat Response.
Unknown
CVSS: -
Yayın: 2026-04-22 03:16:01
In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the sh…
Unknown
CVSS: -
Yayın: 2026-04-22 03:16:01
The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session. If the invoking process then exits, the terminal structure may end up containing a pointer to fr…
High
CVSS: 8.2
Yayın: 2026-04-22 03:16:01
OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers to crash the server by exploiting unsynchronized access to the global DAAP session list. Attackers can fl…
Medium
CVSS: 6.9
Yayın: 2026-04-22 03:16:00
OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for in…
High
CVSS: 8.7
Yayın: 2026-04-22 02:16:02
facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a961703c9fa0, `fio_json_parse` can enter an infinite loop when it encounters a nested JSON value starting with `i` or `I`. The process spins in user spa…
High
CVSS: 8.8
Yayın: 2026-04-22 01:16:05
MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's `STREAMING-UNSIGNED-PAYLOAD-TRAILER` code path
allows any user wh…
High
CVSS: 8.8
Yayın: 2026-04-22 01:16:05
MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler (`PutObjectExtractHandler`) allows…
High
CVSS: 8.9
Yayın: 2026-04-22 00:16:29
WWBN AVideo is an open source video platform. In versions 29.0 and below, the `cloneServer.json.php` endpoint in the CloneSite plugin constructs shell commands using user-controlled input (`url` parameter) without proper sanitization. The input is di…