|
481
|
5.4 |
MEDIUM
Network
|
oracle
|
peoplesoft_enterprise_peopletools
|
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Workflow). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows…
New
|
CWE-284
Improper Access Control
|
CVE-2026-34307
|
2026-04-24 23:26 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
482
|
8.1 |
HIGH
Network
|
oracle
|
peoplesoft_enterprise_peopletools
|
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows…
New
|
CWE-284
Improper Access Control
|
CVE-2026-34309
|
2026-04-24 23:25 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
483
|
7.5 |
HIGH
Network
|
oracle
|
financial_services_analytical_applications_infrastructure
|
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected ar…
New
|
CWE-284
Improper Access Control
|
CVE-2026-34310
|
2026-04-24 23:25 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
484
|
6.5 |
MEDIUM
Network
|
oracle
|
weblogic_server
|
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0…
New
|
CWE-285
CWE-601
Improper Authorization
Open Redirect
|
CVE-2026-34315
|
2026-04-24 23:24 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
485
|
8.1 |
HIGH
Network
|
sysadminsmedia
|
homebox
|
HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group,…
Update
|
CWE-708
Incorrect Ownership Assignment
|
CVE-2026-40196
|
2026-04-24 23:23 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
486
|
3.7 |
LOW
Network
|
vmware
|
spring_security
|
Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked user attributes, to enable, expire, or lock users, then Dao…
New
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-22746
|
2026-04-24 23:20 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
487
|
8.1 |
HIGH
Network
|
vmware
|
spring_security
|
Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the usern…
New
|
CWE-297
Improper Validation of Certificate with Host Mismatch
|
CVE-2026-22747
|
2026-04-24 23:18 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
488
|
6.5 |
MEDIUM
Network
|
vmware
|
spring_security
|
Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator<Jwt> separately, for…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-22748
|
2026-04-24 23:18 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
489
|
7.5 |
HIGH
Network
|
vmware
|
spring_security
|
Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter c…
New
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-22753
|
2026-04-24 23:17 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
490
|
7.5 |
HIGH
Network
|
vmware
|
spring_security
|
Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path="/servlet-path" pattern="/endpoint/**"/> to define the servlet path for computing a path matcher, then …
New
|
CWE-284
Improper Access Control
|
CVE-2026-22754
|
2026-04-24 23:16 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
