|
591
|
7.5 |
HIGH
Network
|
vmware
|
spring_security
|
Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter c…
New
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-22753
|
2026-04-24 23:17 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
592
|
7.5 |
HIGH
Network
|
vmware
|
spring_security
|
Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path="/servlet-path" pattern="/endpoint/**"/> to define the servlet path for computing a path matcher, then …
New
|
CWE-284
Improper Access Control
|
CVE-2026-22754
|
2026-04-24 23:16 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
593
|
7.5 |
HIGH
Network
|
nestjs
|
nest
|
Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when an attacker sends many small, valid JSON messages in one TCP frame, handleData() recurses once per m…
New
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-40879
|
2026-04-24 22:46 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
594
|
5.0 |
MEDIUM
Network
|
openfga
|
helm_charts
openfga
|
OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in specific scenarios, models using conditions with caching enabled can result in two different check requ…
New
|
CWE-706
CWE-863
Use of Incorrectly-Resolved Name or Reference
Incorrect Authorization
|
CVE-2026-41131
|
2026-04-24 22:44 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
595
|
8.8 |
HIGH
Local
|
packagekit_project
|
packagekit
|
PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3…
New
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-41651
|
2026-04-24 22:43 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
596
|
7.5 |
HIGH
Network
|
coturn_project
|
coturn
|
Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN attribute parsing functions in coturn perform unsafe pointer casts from uint8_t * to uint16_t * wit…
New
|
CWE-704
Incorrect Type Conversion or Cast
|
CVE-2026-40613
|
2026-04-24 22:41 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
597
|
4.8 |
MEDIUM
Network
|
mitmproxy
|
mitmproxy
|
mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the b…
New
|
CWE-90
LDAP Injection
|
CVE-2026-40606
|
2026-04-24 22:33 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
598
|
2.7 |
LOW
Network
|
openbao
|
openbao
|
OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their tok…
New
|
CWE-1259
Improper Restriction of Security Token Assignment
|
CVE-2026-40264
|
2026-04-24 22:29 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
599
|
4.9 |
MEDIUM
Network
|
openbao
|
openbao
|
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges on a role in the PostgreSQL database secrets engine, OpenBao failed to use …
New
|
CWE-89
SQL Injection
|
CVE-2026-39946
|
2026-04-24 22:28 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
600
|
3.1 |
LOW
Network
|
openbao
|
openbao
|
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and `disable_binding=true` i…
New
|
CWE-295
Improper Certificate Validation
|
CVE-2026-39388
|
2026-04-24 22:27 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
