6.8

CVSS3.1

CVE-2026-22747 - Unauthorized User Impersonation when Using X.509 Client Certificates

Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Th…

📅 Published: April 22, 2026, 5:08 a.m. 🔄 Last Modified: April 24, 2026, 2:18 p.m.

3.7

CVSS3.1

CVE-2026-22746 - User Attribute Enumeration when Using DaoAuthenticationProvider

Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, …

📅 Published: April 22, 2026, 5:02 a.m. 🔄 Last Modified: April 24, 2026, 2:20 p.m.

5.1

CVSS4.0

CVE-2026-40451 - Cross‑Site Scripting in DeepL Chrome Extension Enables Arbitrary Script Execution

DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows an attacker to execute arbitrary script in a user's browser, and inject malicious HTML into web pages viewed by the user.

📅 Published: April 22, 2026, 4:28 a.m. 🔄 Last Modified: April 22, 2026, 9:23 p.m.

5.1

CVSS4.0

CVE-2026-6835 - aEnrich|a+HCM - Arbitrary File Upload

The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML documents, which may result in a XSS-like effect.

📅 Published: April 22, 2026, 3:40 a.m. 🔄 Last Modified: April 22, 2026, 12:40 p.m.

7.1

CVSS4.0

CVE-2026-6834 - aEnrich|a+HRD - Missing Authorization

The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method.

📅 Published: April 22, 2026, 3:36 a.m. 🔄 Last Modified: April 22, 2026, 12:44 p.m.

7.1

CVSS4.0

CVE-2026-6833 - aEnrich|a+HRD - SQL Injection

The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.

📅 Published: April 22, 2026, 3:32 a.m. 🔄 Last Modified: April 22, 2026, 12:45 p.m.

6.2

CVSS3.1

CVE-2026-6386 - Missing large page handling in pmap_pkru_update_range()

In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shm_create_largepage(3) interface. In particular, …

📅 Published: April 22, 2026, 2:33 a.m. 🔄 Last Modified: April 22, 2026, 9:23 p.m.

8.4

CVSS3.1

CVE-2026-5398 - Kernel use-after-free bug in the TIOCNOTTY handler

The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session. If the invoking process then exits, the terminal structure may end up containing a pointer to freed memory. A malicious process can abuse the da…

📅 Published: April 22, 2026, 2:23 a.m. 🔄 Last Modified: April 23, 2026, 3:56 a.m.

2.7

CVSS3.1

CVE-2026-6408 - Tanium addressed an information disclosure vulnerability in Tanium Server.

Tanium addressed an information disclosure vulnerability in Tanium Server.

📅 Published: April 22, 2026, 1:46 a.m. 🔄 Last Modified: April 22, 2026, 12:49 p.m.

2.7

CVSS3.1

CVE-2026-6392 - Tanium addressed an information disclosure vulnerability in Threat Response.

Tanium addressed an information disclosure vulnerability in Threat Response.

📅 Published: April 22, 2026, 1:46 a.m. 🔄 Last Modified: April 22, 2026, 12:54 p.m.
Total resulsts: 346506
Page 67 of 34,651
« previous page » next page
Filters