Advisory Week

Week 16, 2026

This week's known exploited vulnerabilities include Cisco SD‑WAN Manager, PaperCut NG/MF, Marimo RCE, D‑Link DIR‑823X, Samsung MagicINFO. Plus Apple iOS patches, Oracle's April updates, Firefox, Chrome and more.

CISA Known Exploited Vulnerabilities

Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability CVE-2026-20122

Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerabili CVE-2026-20133

Kentico Xperience Path Traversal Vulnerability CVE-2025-2749

PaperCut NG/MF Improper Authentication Vulnerability CVE-2023-27351

Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability CVE-2025-48700

Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability CVE-2026-20128

Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability CVE-2025-32975

JetBrains TeamCity Relative Path Traversal Vulnerability CVE-2024-27199

Microsoft Defender Insufficient Granularity of Access Control Vulnerability CVE-2026-33825

Marimo Remote Code Execution Vulnerability CVE-2026-39987

D-Link DIR-823X Command Injection Vulnerability CVE-2025-29635

Samsung MagicINFO 9 Server Path Traversal Vulnerability CVE-2024-7399

SimpleHelp Path Traversal Vulnerability CVE-2024-57728

SimpleHelp Missing Authorization Vulnerability CVE-2024-57726

The known exploited vulnerabilities list contains vulnerabilities that are known to be actively exploited. They may not be new or recently discovered. Vulnerabilities listed here were added to this list in the past week.

Apple Security Advisory

iOS 26.4.2 and iPadOS 26.4.2 - Apple Security Content

iOS 18.7.8 and iPadOS 18.7.8 - Apple Security Content

National Cyber Awareness System

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Adds Eight Known Exploited Vulnerabilities to Catalog

Supply Chain Compromise Impacts Axios Node Package Manager

Oracle Security Alerts

Oracle Critical Patch Update Advisory - April 2026

Mozilla Security Advisories

Security Vulnerabilities fixed in Firefox ESR 140.10 mfsa2026-32

Security Vulnerabilities fixed in Firefox ESR 115.35 mfsa2026-31

Security Vulnerabilities fixed in Firefox 150 mfsa2026-30

Security Vulnerabilities fixed in Thunderbird 140.10 mfsa2026-34

Security Vulnerabilities fixed in Thunderbird 150 mfsa2026-33

Ubuntu Security Notices

Linux kernel (IBM) vulnerabilities: USN-8180-5

OpenMPT vulnerability: USN-8206-1

GStreamer Bad Plugins vulnerabilities: USN-8205-1

Linux kernel (Azure FIPS) vulnerabilities: USN-8180-4

Linux kernel vulnerabilities: USN-8180-3 / USN-8179-3 / USN-8183-2 / USN-8200-1

Linux kernel (Raspberry Pi Real-time) vulnerabilities: USN-8204-1

Linux kernel (Oracle) vulnerabilities: USN-8203-1

jq vulnerabilities: USN-8202-1

Linux kernel (Azure) vulnerabilities: USN-8201-1

Linux kernel (FIPS) vulnerabilities: USN-8200-2

Tornado vulnerabilities: USN-8198-1

Red Hat Security Advisory

Important: squid security update: RHSA-2026:10257 / RHSA-2026:10256 / RHSA-2026:9220

Red Hat Web Terminal Operator 1.11.0 release.: RHSA-2026:10250

Red Hat Web Terminal Operator 1.12.0 release.: RHSA-2026:10225

Important: grafana security update: RHSA-2026:10223 / RHSA-2026:9043 / RHSA-2026:8930 / RHSA-2026:8877 / RHSA-2026:8853 / RHSA-2026:8849 / RHSA-2026:8847

Important: golang security update: RHSA-2026:10217

Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.16 security update.: RHSA-2026:10214

Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.18 security update.: RHSA-2026:10215

Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.17 security update.: RHSA-2026:10213

Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.14 security update.: RHSA-2026:10211

Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.12 security update.: RHSA-2026:10209

Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.19 security update.: RHSA-2026:10206

Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.20 security update.: RHSA-2026:10205

Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.15 security update.: RHSA-2026:10204

Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.13 security update.: RHSA-2026:10201

Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.21 security update.: RHSA-2026:10199

RHOAI 2.25.5 - Red Hat OpenShift AI: RHSA-2026:10184

Red Hat OpenShift Dev Spaces 3.27.1 Release.: RHSA-2026:10175

RHTAS 1.3.4 - Red Hat Trusted Artifact Signer Release: RHSA-2026:10172 / RHSA-2026:10153 / RHSA-2026:10131 / RHSA-2026:10130 / RHSA-2026:10126 / RHSA-2026:10125

Important: rhc-worker-playbook security update: RHSA-2026:10169

Red Hat OpenShift Builds 1.7.2: RHSA-2026:10158

Important: OpenJDK 25.0.3 Security Update for Portable Linux Builds: RHSA-2026:9694

Important: OpenJDK 21.0.11 Security Update for Portable Linux Builds: RHSA-2026:9690

Important: OpenJDK 21.0.11 Security Update for Windows Builds: RHSA-2026:9691

Important: OpenJDK 17.0.19 Security Update for Windows Builds: RHSA-2026:9688

Important: OpenJDK 17.0.19 Security Update for Portable Linux Builds: RHSA-2026:9687

Important: OpenJDK 8u492 Security Update for Portable Linux Builds: RHSA-2026:9684

Important: OpenJDK 8u492 Windows Security Update: RHSA-2026:9685

Red Hat OpenShift Builds 1.6.5: RHSA-2026:10155

Red Hat Enterprise Linux AI 3.3.1: RHSA-2026:10141 / RHSA-2026:10140

Important: golang-github-openprinting-ipp-usb security update: RHSA-2026:10133

Red Hat Hardened Images RPMs Security Update: RHSA-2026:10118 / RHSA-2026:10117

Important: rhc security update: RHSA-2026:10107 / RHSA-2026:9695 / RHSA-2026:8855 / RHSA-2026:8852 / RHSA-2026:8851

Important: python security update: RHSA-2026:10102 / RHSA-2026:9614

Important: .NET 8.0 security update: RHSA-2026:10091 / RHSA-2026:10084 / RHSA-2026:10082

Important: java-17-openjdk security update: RHSA-2026:9686

Important: .NET 9.0 security update: RHSA-2026:10085 / RHSA-2026:10083

Important: freerdp security update: RHSA-2026:10076 / RHSA-2026:9656 / RHSA-2026:9641 / RHSA-2026:9640 / RHSA-2026:8945

Red Hat OpenShift Pipelines Release 1.20.4: RHSA-2026:10066 / RHSA-2026:10026

Important: Red Hat Update Infrastructure 5.1 security update: RHSA-2026:10065

Important: nodejs:20 security update: RHSA-2026:9874 / RHSA-2026:9711

DevWorkspace Operator 0.40.1 release.: RHSA-2026:9872

Moderate: kernel security update: RHSA-2026:9870 / RHSA-2026:9836 / RHSA-2026:9644 / RHSA-2026:9643 / RHSA-2026:9515 / RHSA-2026:9514 / RHSA-2026:9513 / RHSA-2026:9112 / RHSA-2026:9095

Important: multicluster engine for Kubernetes v2.6.10 security update: RHSA-2026:9848

Moderate: kernel-rt security update: RHSA-2026:9835 / RHSA-2026:9512

Insights proxy Container Image: RHSA-2026:9832

Important: java-25-openjdk security update: RHSA-2026:9693

Important: java-1.8.0-openjdk security update: RHSA-2026:9682

Important: OpenJDK 11.0.31 ELS Security Update for Portable Linux Builds: RHSA-2026:9255

Important: OpenJDK 11.0.31 ELS Security Update for Windows Builds: RHSA-2026:9256

Important: python3 security update: RHSA-2026:9745 / RHSA-2026:9621 / RHSA-2026:9387 / RHSA-2026:9289

Red Hat Developer Hub 1.8.6 release.: RHSA-2026:9742

Important: openssh security update: RHSA-2026:9732 / RHSA-2026:9415

Red Hat Hardened Images RPMs bug fix and enhancement update: RHSA-2026:9077 / RHSA-2026:9228 / RHSA-2026:9221 / RHSA-2026:8824 / RHSA-2026:9080 / RHSA-2026:9205 / RHSA-2026:8579

Important: Java 11 OpenJDK ELS Security Update: RHSA-2026:9254

Important: python3.11 security update: RHSA-2026:9705 / RHSA-2026:9591 / RHSA-2026:9260 / RHSA-2026:9042

Important: Red Hat OpenShift GitOps v1.20.2 security update: RHSA-2026:9699

Important: Red Hat OpenShift GitOps v1.19.3 security update: RHSA-2026:9698

Important: Red Hat OpenShift GitOps v1.18.5 security update: RHSA-2026:9697

Important: webkit2gtk3 security update: RHSA-2026:9692

Moderate: wireshark security update: RHSA-2026:9666

Important: OpenShift Container Platform 4.18.38 bug fix and security update: RHSA-2026:8423

OpenShift Container Platform 4.18.38 bug fix and security update: RHSA-2026:8448 / RHSA-2026:8423

Important: thunderbird security update: RHSA-2026:9638 / RHSA-2026:9345 / RHSA-2026:8850

OpenShift Container Platform 4.18.38 security and extras update: RHSA-2026:8449

OpenShift Container Platform 4.20.19 security and extras update: RHSA-2026:8431

Important: perl-XML-Parser security update: RHSA-2026:9605 / RHSA-2026:9259 / RHSA-2026:9258 / RHSA-2026:9246 / RHSA-2026:9110

Important: libarchive security update: RHSA-2026:9592 / RHSA-2026:9026 / RHSA-2026:8908

Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update: RHSA-2026:9488 / RHSA-2026:9487 / RHSA-2026:9447 / RHSA-2026:9446

Red Hat OpenShift Service Mesh 3.3.2: RHSA-2026:9461

Red Hat OpenShift Service Mesh 3.2.4: RHSA-2026:9453

Red Hat OpenShift Service Mesh 3.1.7: RHSA-2026:9448

Red Hat OpenShift Service Mesh 3.0.10: RHSA-2026:9440

Important: git-lfs security update: RHSA-2026:9439 / RHSA-2026:9436 / RHSA-2026:9435 / RHSA-2026:9434

Red Hat build of OpenTelemetry 3.9.2 release: RHSA-2026:9388

Red Hat OpenShift distributed tracing platform (Tempo) 3.9.2 release: RHSA-2026:9385

Important: giflib security update: RHSA-2026:9295 / RHSA-2026:9294 / RHSA-2026:9292 / RHSA-2026:9291 / RHSA-2026:9290 / RHSA-2026:8887 / RHSA-2026:8886 / RHSA-2026:8885 / RHSA-2026:8858

Important: kernel security update: RHSA-2026:9264 / RHSA-2026:9131 / RHSA-2026:8921

Important: python3.9 security update: RHSA-2026:9262 / RHSA-2026:9261

Important: kernel-rt security update: RHSA-2026:9135

Important: containernetworking-plugins security update: RHSA-2026:9109

Important: gvisor-tap-vsock security update: RHSA-2026:9108

Important: skopeo security update: RHSA-2026:9098

Important: runc security update: RHSA-2026:9097

Important: grafana-pcp security update: RHSA-2026:9094 / RHSA-2026:9093 / RHSA-2026:9090 / RHSA-2026:8949 / RHSA-2026:8931 / RHSA-2026:8878 / RHSA-2026:8845

Red Hat Lightspeed (formerly Insights) for Runtimes security update: RHSA-2026:9052

Important: osbuild-composer security update: RHSA-2026:9044

Important: python-urllib3 security update: RHSA-2026:9031

Important: fontforge security update: RHSA-2026:8937

Important: openexr security update: RHSA-2026:8888

Important: go-rpm-macros security update: RHSA-2026:8848 / RHSA-2026:8841 / RHSA-2026:8840

Important: delve security update: RHSA-2026:8842

FortiGuard Threat Signals

Apache ActiveMQ RCE

Cisco Security Advisory

Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense

Microsoft Security

Microsoft April 2026 Security Update Guide

CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable

CVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookup

CVE-2026-23447 net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check

CVE-2026-23446 net: usb: aqc111: Do not perform PM inside suspend callback

CVE-2026-23439 udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n

CVE-2026-23438 net: mvpp2: guard flow control update with global_tx_fc in buffer switching

CVE-2026-23434 mtd: rawnand: serialize lock/unlock against other NAND operations

CVE-2026-23428 ksmbd: fix use-after-free of share_conf in compound request

CVE-2026-31531 ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()

CVE-2026-31532 can: raw: fix ro->uniq use-after-free in raw_rcv()

CVE-2026-32210 Microsoft Dynamics 365 (online) Spoofing Vulnerability

CVE-2026-33102 Microsoft 365 Copilot Elevation of Privilege Vulnerability

CVE-2026-33819 Microsoft Bing Remote Code Execution Vulnerability

CVE-2026-26150 Microsoft Purview eDiscovery Elevation of Privilege Vulnerability

CVE-2026-24303 Microsoft Partner Center Elevation of Privilege Vulnerability

CVE-2026-35431 Microsoft Entra ID Entitlement Management Spoofing Vulnerability

CVE-2026-32172 Microsoft Power Apps Remote Code Execution Vulnerability

CVE-2026-21515 Azure IoT Central Elevation of Privilege Vulnerability

CVE-2026-41445 KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc()

CVE-2026-27820 zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption

CVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSL

CVE-2026-6409 Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input

CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)

CVE-2026-6507 Dnsmasq: dnsmasq: denial of service due to out-of-bounds write in dhcp bootreply processing

CVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of bounds

CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free

CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex

CVE-2026-31450 ext4: publish jinode after initialization

CVE-2026-31494 net: macb: use the current queue number for stats

CVE-2026-31512 Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()

CVE-2026-31492 RDMA/irdma: Initialize free_qp completion before using it

CVE-2026-31467 erofs: add GFP_NOIO in the bio completion if needed

CVE-2026-31525 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN

CVE-2026-31453 xfs: avoid dereferencing log items after push callbacks

CVE-2026-31498 Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop

CVE-2026-31503 udp: Fix wildcard bind conflict check when using hash2

CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise

CVE-2026-31528 perf: Make sure to use pmu_ctx->pmu for groups

CVE-2026-31530 cxl/port: Fix use after free of parent_port in cxl_detach_ep()

CVE-2026-31451 ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio

CVE-2026-31509 nfc: nci: fix circular locking dependency in nci_close_device

CVE-2026-31477 ksmbd: fix memory leaks and NULL deref in smb2_lock()

CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()

CVE-2026-31522 HID: magicmouse: avoid memory leak in magicmouse_report_fixup()

CVE-2026-31444 ksmbd: fix use-after-free and NULL deref in smb_grant_oplock()

CVE-2026-31447 ext4: reject mount if bigalloc with s_first_data_block != 0

CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock

CVE-2026-31439 dmaengine: xilinx: xdma: Fix regmap init error handling

CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer

CVE-2026-31448 ext4: avoid infinite loops caused by residual data

CVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch table

CVE-2026-31495 netfilter: ctnetlink: use netlink policy range checks

CVE-2026-31485 spi: spi-fsl-lpspi: fix teardown order issue (UAF)

CVE-2026-31433 ksmbd: fix potencial OOB in get_file_all_info() for compound requests

CVE-2026-31519 btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create

CVE-2026-31432 ksmbd: fix OOB write in QUERY_INFO for compound requests

CVE-2026-31502 team: fix header_ops type confusion with non-Ethernet ports

CVE-2026-31520 HID: apple: avoid memory leak in apple_report_fixup()

CVE-2026-31446 ext4: fix use-after-free in update_super_work when racing with umount

CVE-2026-31518 esp: fix skb leak with espintcp and async crypto

CVE-2026-31482 s390/entry: Scrub r12 register on kernel entry

CVE-2026-31449 ext4: validate p_idx bounds in ext4_ext_correct_indexes

CVE-2026-31454 xfs: save ailp before dropping the AIL lock in push callbacks

CVE-2026-31510 Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb

CVE-2026-31469 virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false

CVE-2026-31441 dmaengine: idxd: Fix memory leak when a wq is reset

CVE-2026-31489 spi: meson-spicc: Fix double-put in remove path

CVE-2026-31461 drm/amd/display: Fix drm_edid leak in amdgpu_dm

CVE-2026-31464 scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()

CVE-2026-31431 crypto: algif_aead - Revert to operating out-of-place

CVE-2026-31505 iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()

CVE-2026-31440 dmaengine: idxd: Fix leaking event log memory

CVE-2026-31497 Bluetooth: btusb: clamp SCO altsetting table indices

CVE-2026-31523 nvme-pci: ensure we're polling a polled queue

CVE-2026-31462 drm/amdgpu: prevent immediate PASID reuse case

CVE-2026-31504 net: fix fanout UAF in packet_release() via NETDEV_UP race

CVE-2026-31458 mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0]

CVE-2026-31474 can: isotp: fix tx.buf use-after-free in isotp_sendmsg()

CVE-2026-31506 net: bcmasp: fix double free of WoL irq

CVE-2026-31527 driver core: platform: use generic driver_override infrastructure

CVE-2026-31488 drm/amd/display: Do not skip unrelated mode changes in DSC validation

CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown

CVE-2026-31476 ksmbd: do not expire session on binding failure

CVE-2026-31455 xfs: stop reclaim before pushing AIL during unmount

CVE-2026-31452 ext4: convert inline data to extents when truncate exceeds inline size

CVE-2026-31515 af_key: validate families in pfkey_send_migrate()

CVE-2026-31496 netfilter: nf_conntrack_expect: skip expectations in other netns via proc

CVE-2026-31487 spi: use generic driver_override infrastructure

CVE-2026-31486 hwmon: (pmbus/core) Protect regulator operations with mutex

CVE-2026-31524 HID: asus: avoid memory leak in asus_report_fixup()

CVE-2026-40890 github.com/gomarkdown/markdown: Out-of-bounds Read in SmartypantsRenderer

CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives

CVE-2026-5958 Race Condition in GNU Sed

CVE-2026-31429 net: skb: fix cross-cache free of KFENCE-allocated skb head

CVE-2026-31430 X.509: Fix out-of-bounds access when parsing extensions

CVE-2026-5450 scanf %mc off-by-one heap buffer overflow

CVE-2026-5358 Static buffer overflow in deprecated nis_local_principal

CVE-2026-5928 Static buffer overflow in deprecated nis_local_principal

CVE-2026-40372 ASP.NET Core Elevation of Privilege Vulnerability

CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()

CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure

Amazon AWS Security Advisories

Issues in tough library and tuftool CLI utility

Issue with AWS Ops Wheel (CVE-2026-6911 and CVE-2026-6912

CVE-2026-6550 - Key commitment policy bypass via shared key cache in AWS Encryption SDK for Python

Google Chrome Updates

Chrome Releases: Stable Channel Update for ChromeOS / ChromeOS Flex

Chrome Releases: Chrome Stable for iOS Update (version 148)

Chrome Releases: Chrome for Android Update (version 147)

Chrome Releases: Stable Channel Update for Desktop (version 147.0.7727.116)

Spring Security Advisories

CVE-2026-40970 - Medium - CVE-2026-40970: Elasticsearch auto-configuration with an SSL bundle disables TLS hostname verification

CVE-2026-40971 - Medium - CVE-2026-40971: RabbitMQ auto-configuration with an SSL bundle disables TLS hostname verification

CVE-2026-40972 - High - CVE-2026-40972: DevTools remote secret comparison is vulnerable to timing attacks

CVE-2026-40973 - High - CVE-2026-40973: Predictable temp directory accepted without ownership verification

CVE-2026-40974 - Medium - CVE-2026-40974: Cassandra SSL auto-configuration disables TLS hostname verification

CVE-2026-40975 - Medium - CVE-2026-40975: Random value property source uses a weak PRNG unsuitable for secrets

CVE-2026-40976 - Critical - CVE-2026-40976: Default security filter chain has no authorization rule with Actuator but without Health

CVE-2026-40977 - Medium - CVE-2026-40977: PID file write follows symlinks at predictable default path

CVE-2026-22751 - Medium - CVE-2026-22751: Spring Security JdbcOneTimeTokenService allows a one-time token to authenticate multiple sessions

CVE-2026-22752 - Critical - CVE-2026-22752: Spring Security Authorization Server Dynamic Client Registration endpoints perform insufficient validation of client metadata

CVE-2026-22746 - Low - CVE-2026-22746: User Attribute Enumeration when Using DaoAuthenticationProvider

CVE-2026-22748 - Medium - CVE-2026-22748: Potential Security Misconfiguration when Using withIssuerLocation

CVE-2026-22754 - High - CVE-2026-22754: Servlet Path Not Correctly Included in Path Matching of XML Authorization Rules

CVE-2026-22753 - High - CVE-2026-22753: Servlet Path Not Correctly Included in Path Matching of HttpSecurity#securityMatchers

CVE-2026-22747 - Medium - CVE-2026-22747: Unauthorized User Impersonation when Using X.509 Client Certificates

Switch to Daily Mode

We're thrilled to announce the launch of AdvisoryDaily, a once a day version of this newsletter.

Get AdvisoryDaily