11 matches found
EUVD-2026-35896
Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in the cookie and is us...
PT-2026-40265
Name of the Vulnerable Software and Affected Versions: FortiAuthenticator versions 8.0.0 through 8.0.2; FortiAuthenticator versions 6.6.0 through 6.6.8; FortiAuthenticator versions 6.5.0 through 6.5.6. Description: An improper access control issue in API endpoints allows an unauthenticated remote...
br.com.archbase:archbase-annotation-processor (>=2.0.0 <=2.1.18), br.com.archbase:archbase-app-framework (>=2.0.0 <=2.1.18) +1589 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=6.5.0 <=6.5.1)
org.springframework.security:spring-security-core MAVEN version =6.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.18 and more Source cves: CVE-2026-22746 Source advisory: OSV:GHSA-VXF7-QJ7Q-83FH...
ai.wavemaker.app.build:wavemaker-app-build-maven-plugin (>=1.0.0-20260516144515 <=1.0.0.ee-20260516142404), ai.wavemaker.app.build:wavemaker-app-build-utils (>=1.0.0-20260516144515 <=1.0.0.ee-20260516142404) +2505 more potentially affected by CVE-2026-22732 via org.springframework.security:spring-security-web (>=6.5.0 <=6.5.8)
org.springframework.security:spring-security-web MAVEN version =6.5.0, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =2.0.0,...
PT-2025-47515
Name of the Vulnerable Software and Affected Versions: bridgetech VBC Server & Element Manager versions 6.5.0-9 through 6.5.0-10. Description: A stored cross-site scripting issue exists in bridgetech VBC Server & Element Manager. Successful exploitation allows attackers to execute arbitrary code. Th...
ai.wavemaker.app.build:wavemaker-app-build-maven-plugin (>=1.0.0-20260516144515 <=1.0.0.ee-20260516142404), ai.wavemaker.app.build:wavemaker-app-build-utils (>=1.0.0-20260516144515 <=1.0.0.ee-20260516142404) +2249 more potentially affected by CVE-2025-41248 via org.springframework.security:spring-security-core (>=6.5.0 <=6.5.3)
org.springframework.security:spring-security-core MAVEN version =6.5.0, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =2.0.0, =2.0.0, =2.0.0, =2.0.1, =2.0.0,...
PT-2024-15959 · Okta · Workforce Identity Cloud +2
Name of the Vulnerable Software and Affected Versions: Okta Browser Plugin versions 6.5.0 through 6.31.0 Description: The issue occurs due to a cross-site scripting flaw when the Okta Browser Plugin prompts the user to save credentials within Okta Personal. This is resolved by properly escaping...
Okta Browser Plugin Security Vulnerability
Okta Browser Plugin is a browser plugin from Okta USA. A security vulnerability exists in Okta Browser Plugin versions 6.5.0 through 6.31.0 that stems from vulnerability to cross-site scripting attacks...
CVE-2022-3748
Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass. This issue affects Access Management: from 6.5.0 through 7.2.0...
ForgeRock Access Management Security Vulnerability
ForgeRock Access Management is a comprehensive, unified solution from ForgeRock USA designed to quickly enable superior experiences tailored to the unique needs of users and employees. An access control error vulnerability exists in ForgeRock Access Management versions 6.5.0 through 7.2.0, which...
Huawei FusionCompute Elevation of Privilege Vulnerability
FusionCompute is Huawei's self-developed computing virtualization software. An elevation of privilege vulnerability exists in FusionCompute 6.3.0, 6.3.1, 6.5.0, 6.5.1, 8.0.0. The vulnerability stems from improper privilege management. An attacker with normal privileges could exploit the...