Lucene search
K

7 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 8:41 p.m.6 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Observable Timing Discrepancy (CVE-2026-22746)

Summary There are vulnerabilities in spring-security-core-6.5.9.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22746. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-22746 DESCRIPTION: Vulnerability in Spring Spring Security. If an application is...

3.7CVSS5.2AI score0.00215EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2026/04/22 12:25 p.m.9 views

ai.langsa:ccaas-starter (>=cloud-0.1 <=cloud-0.3), ai.langsa:pom-ccaas-langsa (=0.1) +5150 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=6.0.0 <=6.5.1)

org.springframework.security:spring-security-core MAVEN version =6.0.0, =cloud-0.1, =0.5.2, =0.5.0, =0.0.1, =55.v51410e712e0c, =7.0.0, =2.0.0, =1.5.1.RELEASE, =1.0.0, =1.0.0, =1.2.1 and more Source cves: CVE-2026-22746 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKSECURITY-16121176...

3.7CVSS5.7AI score0.00215EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/22 6:30 a.m.10 views

br.com.archbase:archbase-annotation-processor (>=2.0.0 <=2.1.18), br.com.archbase:archbase-app-framework (>=2.0.0 <=2.1.18) +1590 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=6.5.0 <=6.5.1)

org.springframework.security:spring-security-core MAVEN version =6.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.18 and more Source cves: CVE-2026-22746 Source advisory: OSV:GHSA-VXF7-QJ7Q-83FH...

3.7CVSS5.7AI score0.00215EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/22 6:30 a.m.7 views

be.jidoka:jdk-keycloak-admin (=2.5.0), br.com.consultdg:database-module (>=1.0.1 <=1.0.10) +1147 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=6.4.0 <=6.4.13)

org.springframework.security:spring-security-core MAVEN version =6.4.0, =1.0.1, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.5 and more Source cves: CVE-2026-22746 Source advisory: OSV:GHSA-VXF7-QJ7Q-83FH...

3.7CVSS5.4AI score0.00215EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/22 6:30 a.m.7 views

au.csiro.pathling:fhir-server (>=5.3.1 <=6.4.2), au.org.consumerdatastandards:data-holder (>=2.3.0 <=2.4.1) +2126 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=5.7.0 <=5.7.2)

org.springframework.security:spring-security-core MAVEN version =5.7.0, =5.3.1, =2.3.0, =2.4.1 - au.org.consumerdatastandards:mock-data-holder-java =2.6.0 - be.jidoka:jdk-keycloak-admin =1.3.0 - br.com.m4rc310:br-com-m4rc310-graphql =1.0.1 - br.com.m4rc310:br-com-m4rc310-libs =1.0.1 -...

3.7CVSS5.7AI score0.00215EPSS
Exploits0
NVD
NVD
added 2026/04/22 6:16 a.m.9 views

CVE-2026-22746

Vulnerability in Spring Spring Security. If an application is using the UserDetailsisEnabled, isAccountNonExpired, or isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o...

3.7CVSS0.00215EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/22 12:0 a.m.7 views

CVE-2026-22746

Vulnerability in Spring Spring Security. If an application is using the UserDetailsisEnabled, isAccountNonExpired, or isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o...

3.7CVSS5.8AI score0.00215EPSS
Exploits0References1
Rows per page
Query Builder