CVE-2026-6408 - Tanium addressed an information disclosure vulnerability in Tanium Server.
CVE ID :CVE-2026-6408
Published : April 22, 2026, 3:16 a.m. | 3 hours, 30 minutes ago
Description :Tanium addressed an information disclosure vulnerability in Tanium Server.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-6408
Published : April 22, 2026, 3:16 a.m. | 3 hours, 30 minutes ago
Description :Tanium addressed an information disclosure vulnerability in Tanium Server.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-6416 - Tanium addressed an uncontrolled resource consumption vulnerability in Interact.
CVE ID :CVE-2026-6416
Published : April 22, 2026, 3:16 a.m. | 3 hours, 30 minutes ago
Description :Tanium addressed an uncontrolled resource consumption vulnerability in Interact.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-6416
Published : April 22, 2026, 3:16 a.m. | 3 hours, 30 minutes ago
Description :Tanium addressed an uncontrolled resource consumption vulnerability in Interact.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-6833 - aEnrich|a+HRD - SQL Injection
CVE ID :CVE-2026-6833
Published : April 22, 2026, 4:16 a.m. | 2 hours, 29 minutes ago
Description :The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-6833
Published : April 22, 2026, 4:16 a.m. | 2 hours, 29 minutes ago
Description :The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-6834 - aEnrich|a+HRD - Missing Authorization
CVE ID :CVE-2026-6834
Published : April 22, 2026, 4:16 a.m. | 2 hours, 29 minutes ago
Description :The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-6834
Published : April 22, 2026, 4:16 a.m. | 2 hours, 29 minutes ago
Description :The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-6835 - aEnrich|a+HCM - Arbitrary File Upload
CVE ID :CVE-2026-6835
Published : April 22, 2026, 4:16 a.m. | 2 hours, 29 minutes ago
Description :The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML documents, which may result in a XSS-like effect.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-6835
Published : April 22, 2026, 4:16 a.m. | 2 hours, 29 minutes ago
Description :The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML documents, which may result in a XSS-like effect.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-40451 - DeepL Chrome Cross-Site Scripting (XSS)
CVE ID :CVE-2026-40451
Published : April 22, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description :DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows an attacker to execute arbitrary script in a user's browser, and inject malicious HTML into web pages viewed by the user.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-40451
Published : April 22, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description :DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows an attacker to execute arbitrary script in a user's browser, and inject malicious HTML into web pages viewed by the user.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-40448 - Samsung Open Source ONE Integer Overflow Memory Allocation Vulnerability
CVE ID :CVE-2026-40448
Published : April 22, 2026, 5:40 a.m. | 1 hour, 5 minutes ago
Description :Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory allocation for large tensors in Samsung Open Source ONE. Affected version is prior to commit 1.30.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-40448
Published : April 22, 2026, 5:40 a.m. | 1 hour, 5 minutes ago
Description :Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory allocation for large tensors in Samsung Open Source ONE. Affected version is prior to commit 1.30.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-40449 - Samsung Open Source ONE Buffer Overflow
CVE ID :CVE-2026-40449
Published : April 22, 2026, 5:51 a.m. | 54 minutes ago
Description :Integer overflow in buffer size calculation could result in out of bounds memory access when handling large tensors in Samsung Open Source ONE. Affected version is prior to commit 1.30.0.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-40449
Published : April 22, 2026, 5:51 a.m. | 54 minutes ago
Description :Integer overflow in buffer size calculation could result in out of bounds memory access when handling large tensors in Samsung Open Source ONE. Affected version is prior to commit 1.30.0.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-40450 - Samsung Open Source ONE Integer Overflow Memory Corruption
CVE ID :CVE-2026-40450
Published : April 22, 2026, 5:53 a.m. | 52 minutes ago
Description :Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incorrect copy length and memory corruption for oversized tensors. Affected version is prior to commit 1.30.0.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-40450
Published : April 22, 2026, 5:53 a.m. | 52 minutes ago
Description :Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incorrect copy length and memory corruption for oversized tensors. Affected version is prior to commit 1.30.0.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-41664 - Samsung Open Source ONE Integer Overflow Vulnerability
CVE ID :CVE-2026-41664
Published : April 22, 2026, 5:54 a.m. | 51 minutes ago
Description :Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid memory operations with large tensor shapes. Affected version is prior to commit 1.30.0.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-41664
Published : April 22, 2026, 5:54 a.m. | 51 minutes ago
Description :Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid memory operations with large tensor shapes. Affected version is prior to commit 1.30.0.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-41665 - Samsung Open Source ONE Integer Overflow Memory Corruption
CVE ID :CVE-2026-41665
Published : April 22, 2026, 5:55 a.m. | 50 minutes ago
Description :Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause incorrect memory initialization for large intermediate tensors. Affected version is prior to commit 1.30.0.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-41665
Published : April 22, 2026, 5:55 a.m. | 50 minutes ago
Description :Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause incorrect memory initialization for large intermediate tensors. Affected version is prior to commit 1.30.0.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-41666 - Samsung Open Source ONE Integer Overflow Out-of-Bounds Write
CVE ID :CVE-2026-41666
Published : April 22, 2026, 5:56 a.m. | 49 minutes ago
Description :Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bounds access during loop state propagation. Affected version is prior to commit 1.30.0.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-41666
Published : April 22, 2026, 5:56 a.m. | 49 minutes ago
Description :Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bounds access during loop state propagation. Affected version is prior to commit 1.30.0.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-41667 - Samsung Open Source ONE Integer Overflow Vulnerability
CVE ID :CVE-2026-41667
Published : April 22, 2026, 5:57 a.m. | 48 minutes ago
Description :Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes. Affected version is prior to commit 1.30.0.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-41667
Published : April 22, 2026, 5:57 a.m. | 48 minutes ago
Description :Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes. Affected version is prior to commit 1.30.0.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-6839 - Samsung Open Source ONE Out-of-Bounds Access Vulnerability
CVE ID :CVE-2026-6839
Published : April 22, 2026, 6:07 a.m. | 38 minutes ago
Description :Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-6839
Published : April 22, 2026, 6:07 a.m. | 38 minutes ago
Description :Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-6840 - Apache Airflow Operator Code Injection Vulnerability
CVE ID :CVE-2026-6840
Published : April 22, 2026, 6:08 a.m. | 37 minutes ago
Description :Missing bounds validation for operator could allow out of range operator-code lookup during model loading Affected version is prior to commit 1.30.0.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-6840
Published : April 22, 2026, 6:08 a.m. | 37 minutes ago
Description :Missing bounds validation for operator could allow out of range operator-code lookup during model loading Affected version is prior to commit 1.30.0.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22746 - User Attribute Enumeration when Using DaoAuthenticationProvider
CVE ID :CVE-2026-22746
Published : April 22, 2026, 6:16 a.m. | 30 minutes ago
Description :Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, or locked.This issue affects Spring Security: from 5.7.0 through 5.7.22, from 5.8.0 through 5.8.24, from 6.3.0 through 6.3.15, from 6.5.0 through 6.5.9, from 7.0.0 through 7.0.4.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-22746
Published : April 22, 2026, 6:16 a.m. | 30 minutes ago
Description :Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, or locked.This issue affects Spring Security: from 5.7.0 through 5.7.22, from 5.8.0 through 5.8.24, from 6.3.0 through 6.3.15, from 6.5.0 through 6.5.9, from 7.0.0 through 7.0.4.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22747 - Unauthorized User Impersonation when Using X.509 Client Certificates
CVE ID :CVE-2026-22747
Published : April 22, 2026, 6:16 a.m. | 30 minutes ago
Description :Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. This issue affects Spring Security: from 7.0.0 through 7.0.4.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-22747
Published : April 22, 2026, 6:16 a.m. | 30 minutes ago
Description :Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. This issue affects Spring Security: from 7.0.0 through 7.0.4.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22748 - Potential Security Misconfiguration when Using withIssuerLocation
CVE ID :CVE-2026-22748
Published : April 22, 2026, 6:16 a.m. | 30 minutes ago
Description :Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator separately, for example by calling setJwtValidator.This issue affects Spring Security: from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.9, from 7.0.0 through 7.0.4.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-22748
Published : April 22, 2026, 6:16 a.m. | 30 minutes ago
Description :Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator separately, for example by calling setJwtValidator.This issue affects Spring Security: from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.9, from 7.0.0 through 7.0.4.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22753 - Servlet Path Not Correctly Included in Path Matching of HttpSecurity#securityMatchers
CVE ID :CVE-2026-22753
Published : April 22, 2026, 6:16 a.m. | 30 minutes ago
Description :Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the application. This can lead to the authentication, authorization, and other security controls being rendered inactive on intended requests.This issue affects Spring Security: from 7.0.0 through 7.0.4.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-22753
Published : April 22, 2026, 6:16 a.m. | 30 minutes ago
Description :Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the application. This can lead to the authentication, authorization, and other security controls being rendered inactive on intended requests.This issue affects Spring Security: from 7.0.0 through 7.0.4.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22754 - ervlet Path Not Correctly Included in Path Matching of XML Authorization Rules
CVE ID :CVE-2026-22754
Published : April 22, 2026, 6:16 a.m. | 29 minutes ago
Description :Vulnerability in Spring Spring Security. If an application uses to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead to an authorization bypass.This issue affects Spring Security: from 7.0.0 through 7.0.4.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-22754
Published : April 22, 2026, 6:16 a.m. | 29 minutes ago
Description :Vulnerability in Spring Spring Security. If an application uses to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead to an authorization bypass.This issue affects Spring Security: from 7.0.0 through 7.0.4.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...