39 matches found
ai.langsa:ccaas-starter (>=cloud-0.1 <=cloud-0.3), ai.langsa:pom-ccaas-langsa (=0.1) +5104 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=6.0.0 <=6.5.1)
org.springframework.security:spring-security-core MAVEN version =6.0.0, =cloud-0.1, =0.5.2, =0.5.0, =0.0.1, =55.v51410e712e0c, =7.0.0, =2.0.0, =1.5.1.RELEASE, =1.0.0, =1.0.0, =1.2.1 and more Source cves: CVE-2026-22746 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKSECURITY-16121176...
CVE-2026-22746
creationtimestamp | type | source
---|---|---
2026-04-22 08:43:26+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mk345awimj2n
2026-04-22 12:45:24+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mk3jnvyvfq2h...
br.com.archbase:archbase-annotation-processor (>=2.0.0 <=2.1.17), br.com.archbase:archbase-app-framework (>=2.0.0 <=2.1.17) +1579 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=6.5.0 <=6.5.1)
org.springframework.security:spring-security-core MAVEN version =6.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.17 and more Source cves: CVE-2026-22746 Source advisory: OSV:GHSA-VXF7-QJ7Q-83FH...
be.jidoka:jdk-keycloak-admin (=2.5.0), br.com.consultdg:database-module (>=1.0.1 <=1.0.10) +1146 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=6.4.0 <=6.4.13)
org.springframework.security:spring-security-core MAVEN version =6.4.0, =1.0.1, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.5 and more Source cves: CVE-2026-22746 Source advisory: OSV:GHSA-VXF7-QJ7Q-83FH...
au.csiro.pathling:fhir-server (>=5.3.1 <=6.4.2), au.org.consumerdatastandards:data-holder (>=2.3.0 <=2.4.1) +2121 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=5.7.0 <=5.7.2)
org.springframework.security:spring-security-core MAVEN version =5.7.0, =5.3.1, =2.3.0, =2.4.1 - au.org.consumerdatastandards:mock-data-holder-java =2.6.0 - be.jidoka:jdk-keycloak-admin =1.3.0 - br.com.m4rc310:br-com-m4rc310-graphql =1.0.1 - br.com.m4rc310:br-com-m4rc310-libs =1.0.1 -...
be.appify.prefab:prefab-security (>=0.2.0 <=0.7.5), ch.admin.bit.jeap:jeap-audit-command-builder (>=7.0.0-alpha-springboot4 <=7.1.0-alpha-springboot4) +1077 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=7.0.0 <=7.0.4)
org.springframework.security:spring-security-core MAVEN version =7.0.0, =0.2.0, =7.0.0-alpha-springboot4, =2.0.0-alpha-springboot4, =5.0.0-alpha-springboot4, =9.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4,...
CVE-2026-22746
Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, isAccountNonExpired, or isAccountNonLocked user attributes to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o...
CVE-2026-22746
Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, isAccountNonExpired, or isAccountNonLocked user attributes to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o...
Linux Distros Unpatched Vulnerability : CVE-2022-22746
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A race condition could have allowed bypassing the fullscreen notification, which could have led to a fullscreen window spoof being unnoticed. This bug only affec...
CVE-2025-22746
creationtimestamp | type | source
---|---|---
2025-01-15 16:16:39+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lfs62d7fqq2r
2025-01-15 16:25:01+00:00 | seen | https://infosec.exchange/users/cve/statuses/113833299202244513...
CVE-2025-22746
CVE-2025-22746: Stored XSS in HireHive Job Plugin (WordPress). Affected: HireHive Job Plugin versions up to 2.9.0. CVSS v3.1 base score 6.5 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L). Patch status in provided sources is Unpatched; no remediation version details are provided. Monitor for updates.
CVE-2025-22746 WordPress HireHive Job Plugin plugin <= 2.9.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zartis HireHive Job Plugin zartis-job-plugin allows Stored XSS. This issue affects HireHive Job Plugin: from n/a through <= 2.9.0...
CVE-2025-22746 WordPress HireHive Job Plugin plugin <= 2.9.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zartis HireHive Job Plugin zartis-job-plugin allows Stored XSS. This issue affects HireHive Job Plugin: from n/a through <= 2.9.0...
SUSE CVE-2022-22746
A race condition could have allowed bypassing the fullscreen notification, which could have led to a fullscreen window spoof being unnoticed. This bug only affects Firefox for Windows. Other operating systems are unaffected. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird...
CVE-2023-22746
CKAN is an open-source DMS data management system for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the .env file...
CVE-2023-22746
CVE-2023-22746 affects CKAN Docker-based deployments where a default, shared secret key is used across multiple instances unless overridden in the container’s .env. The vulnerability allows forging authentication requests between CKAN instances when the default secret key is not customized. Affec...
UBUNTU-CVE-2022-22746
A race condition could have allowed bypassing the fullscreen notification, which could have led to a fullscreen window spoof being unnoticed. This bug only affects Firefox for Windows. Other operating systems are unaffected. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird...
CVE-2022-22746
CVE-2022-22746 describes a race condition that could bypass the fullscreen notification, potentially enabling a fullscreen window spoof in Firefox on Windows. The vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird
CVE-2022-22746
A race condition could have allowed bypassing the fullscreen notification, which could have led to a fullscreen window spoof being unnoticed. This bug only affects Firefox for Windows. Other operating systems are unaffected. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird...
openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2022:0136-1)
The remote host is missing an update for the...