Lucene search
+L

8 matches found

nvd
nvd
added 11 hours ago5 views

CVE-2026-22752

Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server. This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10...

9.6CVSS
Exploits0References1
cvelist
cvelist
added 12 hours ago14 views

CVE-2026-22752 Spring Security Authorization Server Dynamic Client Registration endpoints perform insufficient validation of client metadata

Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server. This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10...

9.6CVSS
Exploits0References1
vulnersosv
vulnersosv
added 2026/04/22 6:30 a.m.10 views

be.appify.prefab:prefab-security (>=0.2.0 <=0.7.5), ch.admin.bit.jeap:jeap-audit-command-builder (>=7.0.0-alpha-springboot4 <=7.1.0-alpha-springboot4) +831 more potentially affected by CVE-2026-22754 via org.springframework.security:spring-security-config (>=7.0.0 <=7.0.4)

org.springframework.security:spring-security-config MAVEN version =7.0.0, =0.2.0, =7.0.0-alpha-springboot4, =2.0.0-alpha-springboot4, =5.0.0-alpha-springboot4, =9.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4,...

7.5CVSS5.7AI score0.00266EPSS
Exploits0
github
github
added 2026/04/22 6:30 a.m.10 views

Spring Security Doesn't Correctly Include Servlet Path in Path Matching of HttpSecurity#securityMatchers

Vulnerability in Spring Spring Security. If an application is using securityMatchersString and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the...

7.5CVSS5.2AI score0.00248EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/04/22 6:30 a.m.10 views

GHSA-4WRG-8WPC-H923 Spring Security Doesn't Correctly Include Servlet Path in Path Matching of HttpSecurity#securityMatchers

Vulnerability in Spring Spring Security. If an application is using securityMatchersString and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the...

7.5CVSS5.8AI score0.00248EPSS
Exploits0References3
nvd
nvd
added 2026/04/22 6:16 a.m.9 views

CVE-2026-22747

Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user...

8.1CVSS0.00296EPSS
Exploits0References4
cnnvd
cnnvd
added 2023/09/13 12:0 a.m.5 views

Fortinet FortiClientEms Information Disclosure Vulnerability

Fortinet FortiClientEms is a centralized central management system from Fortinet, Inc. A security vulnerability exists in Fortinet FortiClientEms that originates from an environment variable information leak in the login page. Affected products and versions: FortiClientEMS versions 7.0.6 through...

5.3CVSS6.6AI score0.00704EPSS
Exploits0References3
ncsc
ncsc
added 2022/09/27 12:0 a.m.5 views

Vulnerability fixed in Redis

A vulnerability has been fixed in Redis. The vulnerability allows a malicious party to use heap overflow to execute arbitrary code with user privileges or a denial-of-service DoS. To exploit the vulnerability, a malicious party must issue an XAUTOCLAIM command with a rogue COUNT argument on a key...

9.8CVSS7.2AI score0.02904EPSS
Exploits0
Rows per page
Query Builder