|
3111
|
5.4 |
MEDIUM
Network
|
oracle
|
peoplesoft_enterprise_peopletools
|
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Workflow). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows…
|
CWE-284
Improper Access Control
|
CVE-2026-34307
|
2026-04-24 23:26 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3112
|
8.1 |
HIGH
Network
|
oracle
|
peoplesoft_enterprise_peopletools
|
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows…
|
CWE-284
Improper Access Control
|
CVE-2026-34309
|
2026-04-24 23:25 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3113
|
7.5 |
HIGH
Network
|
oracle
|
financial_services_analytical_applications_infrastructure
|
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected ar…
|
CWE-284
Improper Access Control
|
CVE-2026-34310
|
2026-04-24 23:25 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3114
|
6.5 |
MEDIUM
Network
|
oracle
|
weblogic_server
|
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0…
|
CWE-285
CWE-601
Improper Authorization
Open Redirect
|
CVE-2026-34315
|
2026-04-24 23:24 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3115
|
8.1 |
HIGH
Network
|
sysadminsmedia
|
homebox
|
HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group,…
|
CWE-708
Incorrect Ownership Assignment
|
CVE-2026-40196
|
2026-04-24 23:23 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3116
|
7.2 |
HIGH
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerability in the dol_eval_standard() function that fails to apply forbidden string checks in whitelist mod…
|
CWE-95
CWE-94
Eval Injection
Code Injection
|
CVE-2026-22666
|
2026-04-24 23:20 |
2026-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3117
|
3.7 |
LOW
Network
|
vmware
|
spring_security
|
Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked user attributes, to enable, expire, or lock users, then Dao…
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2026-22746
|
2026-04-24 23:20 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3118
|
8.1 |
HIGH
Network
|
vmware
|
spring_security
|
Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the usern…
|
CWE-297
Improper Validation of Certificate with Host Mismatch
|
CVE-2026-22747
|
2026-04-24 23:18 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3119
|
6.5 |
MEDIUM
Network
|
vmware
|
spring_security
|
Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator<Jwt> separately, for…
|
CWE-20
Improper Input Validation
|
CVE-2026-22748
|
2026-04-24 23:18 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3120
|
7.5 |
HIGH
Network
|
vmware
|
spring_security
|
Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter c…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-22753
|
2026-04-24 23:17 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
