|
4061
|
8.1 |
HIGH
Network
|
vmware
|
spring_security
|
Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the usern…
|
CWE-297
Improper Validation of Certificate with Host Mismatch
|
CVE-2026-22747
|
2026-04-24 23:18 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4062
|
6.5 |
MEDIUM
Network
|
vmware
|
spring_security
|
Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator<Jwt> separately, for…
|
CWE-20
Improper Input Validation
|
CVE-2026-22748
|
2026-04-24 23:18 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4063
|
7.5 |
HIGH
Network
|
vmware
|
spring_security
|
Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter c…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-22753
|
2026-04-24 23:17 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4064
|
7.5 |
HIGH
Network
|
vmware
|
spring_security
|
Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path="/servlet-path" pattern="/endpoint/**"/> to define the servlet path for computing a path matcher, then …
|
CWE-284
Improper Access Control
|
CVE-2026-22754
|
2026-04-24 23:16 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4065
|
5.5 |
MEDIUM
Local
|
libsixel
saitoha
|
libsixel
|
stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw.
|
CWE-617
Reachable Assertion
|
CVE-2022-27938
|
2026-04-24 23:12 |
2022-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4066
|
5.5 |
MEDIUM
Local
|
libsixel
saitoha
|
libsixel
|
stb_image.h (también se conoce como el cargador de imágenes de stb) versión 2.19, como es usado en libsixel y otros productos, presenta una aserción alcanzable en la función stbi__create_png_image_raw
|
CWE-617
Reachable Assertion
|
CVE-2022-27938
|
2026-04-24 23:12 |
2022-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4067
|
7.2 |
HIGH
Network
|
mintplexlabs
|
anythingllm
|
A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the `AgentFlows` component. The vulnerability arises from improper handling of user inpu…
|
CWE-29
Path Traversal: '\..\filename'
|
CVE-2026-5627
|
2026-04-24 22:57 |
2026-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4068
|
7.5 |
HIGH
Network
|
nestjs
|
nest
|
Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when an attacker sends many small, valid JSON messages in one TCP frame, handleData() recurses once per m…
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-40879
|
2026-04-24 22:46 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4069
|
5.0 |
MEDIUM
Network
|
openfga
|
helm_charts
openfga
|
OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in specific scenarios, models using conditions with caching enabled can result in two different check requ…
|
CWE-706
CWE-863
Use of Incorrectly-Resolved Name or Reference
Incorrect Authorization
|
CVE-2026-41131
|
2026-04-24 22:44 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4070
|
7.8 |
HIGH
Local
|
saitoha
|
libsixel
|
A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette of the file src/encoder.c of the component img2sixel. The manipulation res…
|
CWE-119
CWE-121
CWE-787
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
Out-of-bounds Write
|
CVE-2025-9300
|
2026-04-24 22:44 |
2025-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
