Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1123 matches found

CVE
CVEadded 2026/04/22 5:20 a.m.11 views

CVE-2026-22753

Spring Security CVE-2026-22753 affects versions 7.0.0 to 7.0.4 where using securityMatchers(String) together with a PathPatternRequestMatcher.Builder bean to prepend a servlet path can cause requests to fail matching against the filter chain, potentially rendering authentication, authorization, a...

7.5CVSS5.8AI score0.00063EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/22 5:20 a.m.3 views

CVE-2026-22753

Vulnerability in Spring Spring Security. If an application is using securityMatchersString and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the...

7.5CVSS5.8AI score0.00063EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/04/22 5:20 a.m.27 views

CVE-2026-22753 Servlet Path Not Correctly Included in Path Matching of HttpSecurity#securityMatchers

Vulnerability in Spring Spring Security. If an application is using securityMatchersString and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the...

7.5CVSS0.00063EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/04/22 5:20 a.m.1 views

CVE-2026-22753 Servlet Path Not Correctly Included in Path Matching of HttpSecurity#securityMatchers

Vulnerability in Spring Spring Security. If an application is using securityMatchersString and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the...

7.5CVSS5.8AI score0.00063EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/04/22 5:15 a.m.1 views

CVE-2026-22748 Potential Security Misconfiguration when Using withIssuerLocation

Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator separately, for example by calling setJwtValidator.This issue affects Spring Security: from 6.3.0 through 6.3.14, from...

5.3CVSS5.7AI score0.00075EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/22 5:15 a.m.2 views

CVE-2026-22748

Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator separately, for example by calling setJwtValidator.This issue affects Spring Security: from 6.3.0 through 6.3.14, from...

5.3CVSS5.8AI score0.00075EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/04/22 5:15 a.m.7 views

CVE-2026-22748

CVE-2026-22748 affects Spring Security when JWT decoding uses NimbusJwtDecoder or NimbusReactiveJwtDecoder and an OAuth2TokenValidator is not configured separately (e.g., via setJwtValidator). Impact is that the issue can affect authentication integrity (I) with MEDIUM overall severity (CVSS v3.1...

6.5CVSS5.7AI score0.00075EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/04/22 5:15 a.m.24 views

CVE-2026-22748 Potential Security Misconfiguration when Using withIssuerLocation

Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator separately, for example by calling setJwtValidator.This issue affects Spring Security: from 6.3.0 through 6.3.14, from...

5.3CVSS0.00075EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/04/22 5:8 a.m.1 views

CVE-2026-22747 Unauthorized User Impersonation when Using X.509 Client Certificates

Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user...

6.8CVSS5.8AI score0.00031EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/04/22 5:8 a.m.25 views

CVE-2026-22747 Unauthorized User Impersonation when Using X.509 Client Certificates

Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user...

6.8CVSS0.00031EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/22 5:8 a.m.1 views

CVE-2026-22747

Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user...

6.8CVSS5.8AI score0.00031EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/04/22 5:8 a.m.14 views

CVE-2026-22747

Summary : CVE-2026-22747 affects Spring Security 7.0.0–7.0.4. The issue is in SubjectX500PrincipalExtractor’s handling of certain malformed X.509 certificate CN values, which can cause the system to read the wrong username value and potentially allow attacker impersonation of another user. The co...

8.1CVSS5.8AI score0.00031EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/04/22 5:2 a.m.25 views

CVE-2026-22746 User Attribute Enumeration when Using DaoAuthenticationProvider

Vulnerability in Spring Spring Security. If an application is using the UserDetailsisEnabled, isAccountNonExpired, or isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o...

3.7CVSS0.00067EPSS
Exploits0References1
CVE
CVEadded 2026/04/22 5:2 a.m.6 views

CVE-2026-22746

The CVE concerns Spring Security vulnerability CVE-2026-22746 where the timing-attack defense in DaoAuthenticationProvider can be bypassed when an application uses the UserDetails attributes isEnabled, isAccountNonExpired, or isAccountNonLocked to manage user status. Affected versions include Spr...

3.7CVSS5.7AI score0.00067EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/22 5:2 a.m.1 views

CVE-2026-22746

Vulnerability in Spring Spring Security. If an application is using the UserDetailsisEnabled, isAccountNonExpired, or isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o...

3.7CVSS5.7AI score0.00067EPSS
Exploits0References2Affected Software1
OSV
OSVadded 2026/04/22 12:39 a.m.0 views

CLEANSTART-2026-KB76878 When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written

Multiple security vulnerabilities affect the apache-nifi package. When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. See references for individual vulnerability details...

9.8CVSS7.2AI score0.00038EPSS
Exploits3References17
Positive Technologies
Positive Technologiesadded 2026/04/22 12:0 a.m.1 views

PT-2026-34252

Name of the Vulnerable Software and Affected Versions Spring Spring Security versions 6.3.0 through 6.3.14 Spring Spring Security versions 6.4.0 through 6.4.14 Spring Spring Security versions 6.5.0 through 6.5.9 Spring Spring Security versions 7.0.0 through 7.0.4 Description An issue exists when ...

6.5CVSS5.8AI score0.00075EPSS
Exploits0References6
CNNVD
CNNVDadded 2026/04/22 12:0 a.m.6 views

Spring Security 安全漏洞

Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. Versions of Spring Security 7.0.4 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the improper handling of certain malformed X.509...

8.1CVSS5.8AI score0.00031EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/04/22 12:0 a.m.7 views

Spring Security 输入验证错误漏洞

Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. Vulnerabilities in input validation exist in versions 6.3.0 to 6.3.14, 6.4.0 to 6.4.14, 6.5.0 to 6.5.9, and 7.0.0 to 7.0.4 of Spring Security. These vulnerabilities stem...

6.5CVSS5.8AI score0.00075EPSS
Exploits0References1
UbuntuCve
UbuntuCveadded 2026/04/22 12:0 a.m.0 views

CVE-2026-22753

Vulnerability in Spring Spring Security. If an application is using securityMatchersString and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the...

7.5CVSS5.8AI score0.00063EPSS
Exploits0References1
Rows per page
Query Builder