
Commit e7f1691

author
cvelistV5 Github Action
committed
19 changes (10 new | 9 updated):
- 10 new CVEs: CVE-2026-22751, CVE-2026-40613, CVE-2026-40614, CVE-2026-40865, CVE-2026-40866, CVE-2026-40867, CVE-2026-40868, CVE-2026-41456, CVE-2026-6744, CVE-2026-6745
- 9 updated CVEs: CVE-2017-20230, CVE-2025-69662, CVE-2026-31013, CVE-2026-31014, CVE-2026-31019, CVE-2026-37748, CVE-2026-40594, CVE-2026-6767, CVE-2026-6775
1 parent 7f63481 commit e7f1691

21 files changed

Lines changed: 1891 additions & 1203 deletions

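--- a/cves/2017/20xxx/CVE-2017-20230.json
+++ b/cves/2017/20xxx/CVE-2017-20230.json
@@ -8,7 +8,7 @@
 "assignerShortName": "CPANSec",
 "dateReserved": "2026-03-28T19:24:26.125Z",
 "datePublished": "2026-04-21T15:26:18.216Z",
-"dateUpdated": "2026-04-21T16:29:10.971Z"
+"dateUpdated": "2026-04-21T18:22:25.354Z"
 },
 "containers": {
 "cna": {
@@ -174,6 +174,19 @@
 "shortName": "CISA-ADP",
 "dateUpdated": "2026-04-21T16:29:10.971Z"
 }
+},
+{
+"title": "CVE Program Container",
+"references": [
+{
+"url": "http://www.openwall.com/lists/oss-security/2026/04/21/5"
+}
+],
+"providerMetadata": {
+"orgId": "af854a3a-2127-422b-91ae-364da2661108",
+"shortName": "CVE",
+"dateUpdated": "2026-04-21T18:22:25.354Z"
+}
 }
 ]
 }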
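Review bot: The reference added in the new "CVE Program Container" entry uses a plain `http://` URL for the oss-security post, so anyone following it from the record fetches the advisory over an unauthenticated channel; as far as I know the host serves the same path over HTTPS, and `"url": "https://www.openwall.com/lists/oss-security/2026/04/21/5"` would be the safer form. The entry also carries no `tags`, which leaves consumers to guess that the link is a mailing-list post; `"tags": ["mailing-list"]` would say so, and the same applies to the debian-lts-announce reference added in cves/2025/69xxx/CVE-2025-69662.json. The container appears to be generated by the CVE Program rather than written by hand, so the fix probably belongs upstream of this commit.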

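--- a/cves/2025/69xxx/CVE-2025-69662.json
+++ b/cves/2025/69xxx/CVE-2025-69662.json
@@ -5,7 +5,7 @@
 "cveId": "CVE-2025-69662",
 "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
 "assignerShortName": "mitre",
-"dateUpdated": "2026-01-30T19:18:50.711Z",
+"dateUpdated": "2026-04-21T18:22:26.627Z",
 "dateReserved": "2026-01-09T00:00:00.000Z",
 "datePublished": "2026-01-30T00:00:00.000Z"
 },
@@ -114,6 +114,19 @@
 "shortName": "CISA-ADP",
 "dateUpdated": "2026-01-30T19:18:50.711Z"
 }
+},
+{
+"title": "CVE Program Container",
+"references": [
+{
+"url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00025.html"
+}
+],
+"providerMetadata": {
+"orgId": "af854a3a-2127-422b-91ae-364da2661108",
+"shortName": "CVE",
+"dateUpdated": "2026-04-21T18:22:26.627Z"
+}
 }
 ]
 },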
Lines changed: 99 additions & 0 deletions
@@ -0,0 +1,99 @@
1+
{
2+
"dataType": "CVE_RECORD",
3+
"dataVersion": "5.2",
4+
"cveMetadata": {
5+
"cveId": "CVE-2026-22751",
6+
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
7+
"state": "PUBLISHED",
8+
"assignerShortName": "vmware",
9+
"dateReserved": "2026-01-09T06:55:03.990Z",
10+
"datePublished": "2026-04-21T18:30:35.428Z",
11+
"dateUpdated": "2026-04-21T18:30:35.428Z"
12+
},
13+
"containers": {
14+
"cna": {
15+
"providerMetadata": {
16+
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
17+
"shortName": "vmware",
18+
"dateUpdated": "2026-04-21T18:30:35.428Z"
19+
},
20+
"title": "Spring Security JdbcOneTimeTokenService allows a one-time token to authenticate multiple sessions",
21+
"affected": [
22+
{
23+
"vendor": "Spring",
24+
"product": "Spring Security",
25+
"versions": [
26+
{
27+
"status": "affected",
28+
"version": "6.4.0",
29+
"lessThanOrEqual": "6.4.15",
30+
"versionType": "custom"
31+
},
32+
{
33+
"status": "affected",
34+
"version": "6.5.0",
35+
"lessThanOrEqual": "6.5.9",
36+
"versionType": "custom"
37+
},
38+
{
39+
"status": "affected",
40+
"version": "7.0.0",
41+
"lessThanOrEqual": "7.0.4",
42+
"versionType": "custom"
43+
}
44+
],
45+
"defaultStatus": "unaffected"
46+
}
47+
],
48+
"descriptions": [
49+
{
50+
"lang": "en",
51+
"value": "Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use (TOCTOU) race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0.0 through 7.0.4.",
52+
"supportingMedia": [
53+
{
54+
"type": "text/html",
55+
"base64": false,
56+
"value": "Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with&nbsp;<code>JdbcOneTimeTokenService</code>&nbsp;are vulnerable to a Time-of-check Time-of-use (TOCTOU) race condition.&nbsp;<span>This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0.0 through 7.0.4.</span>"
57+
}
58+
]
59+
}
60+
],
61+
"references": [
62+
{
63+
"url": "https://spring.io/security/cve-2026-22751"
64+
}
65+
],
66+
"metrics": [
67+
{
68+
"format": "CVSS",
69+
"scenarios": [
70+
{
71+
"lang": "en",
72+
"value": "GENERAL"
73+
}
74+
],
75+
"cvssV3_1": {
76+
"version": "3.1",
77+
"attackVector": "NETWORK",
78+
"attackComplexity": "HIGH",
79+
"privilegesRequired": "NONE",
80+
"userInteraction": "NONE",
81+
"scope": "UNCHANGED",
82+
"confidentialityImpact": "LOW",
83+
"integrityImpact": "LOW",
84+
"availabilityImpact": "NONE",
85+
"baseSeverity": "MEDIUM",
86+
"baseScore": 4.8,
87+
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
88+
}
89+
}
90+
],
91+
"source": {
92+
"discovery": "UNKNOWN"
93+
},
94+
"x_generator": {
95+
"engine": "Vulnogram 1.0.1"
96+
}
97+
}
98+
}
99+
}
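Review bot: The new CVE-2026-22751 record has no `problemTypes` entry even though its description names a Time-of-check Time-of-use race, so tooling that filters or triages by CWE will not classify it; a CWE description with `"cweId": "CWE-367"` in the `cna` container would match the text. The description opens with "Vulnerability in Spring Spring Security" and never states the consequence that only the title gives (one token authenticating multiple sessions), so readers and feeds that show only `descriptions[0].value` do not learn the impact. The affected ranges use `"versionType": "custom"` with `lessThanOrEqual`, which gives automated matchers no ordering rule; `"versionType": "semver"` looks applicable to these version strings. The record also lists no fixed versions, so remediation guidance is reachable only through the spring.io reference.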

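--- a/cves/2026/31xxx/CVE-2026-31013.json
+++ b/cves/2026/31xxx/CVE-2026-31013.json
@@ -5,7 +5,7 @@
 "cveId": "CVE-2026-31013",
 "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
 "assignerShortName": "mitre",
-"dateUpdated": "2026-04-21T14:41:46.112Z",
+"dateUpdated": "2026-04-21T18:19:12.306Z",
 "dateReserved": "2026-03-09T00:00:00.000Z",
 "datePublished": "2026-04-21T00:00:00.000Z"
 },
@@ -53,7 +53,69 @@
 ]
 }
 ]
-}
+},
+"adp": [
+{
+"problemTypes": [
+{
+"descriptions": [
+{
+"type": "CWE",
+"cweId": "CWE-79",
+"lang": "en",
+"description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+}
+]
+}
+],
+"metrics": [
+{
+"cvssV3_1": {
+"scope": "CHANGED",
+"version": "3.1",
+"baseScore": 6.1,
+"attackVector": "NETWORK",
+"baseSeverity": "MEDIUM",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+"integrityImpact": "LOW",
+"userInteraction": "REQUIRED",
+"attackComplexity": "LOW",
+"availabilityImpact": "NONE",
+"privilegesRequired": "NONE",
+"confidentialityImpact": "LOW"
+}
+},
+{
+"other": {
+"type": "ssvc",
+"content": {
+"timestamp": "2026-04-21T18:19:08.114703Z",
+"id": "CVE-2026-31013",
+"options": [
+{
+"Exploitation": "none"
+},
+{
+"Automatable": "no"
+},
+{
+"Technical Impact": "partial"
+}
+],
+"role": "CISA Coordinator",
+"version": "2.0.3"
+}
+}
+}
+],
+"title": "CISA ADP Vulnrichment",
+"providerMetadata": {
+"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+"shortName": "CISA-ADP",
+"dateUpdated": "2026-04-21T18:19:12.306Z"
+}
+}
+]
 },
 "dataVersion": "5.2"
 }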

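--- a/cves/2026/31xxx/CVE-2026-31014.json
+++ b/cves/2026/31xxx/CVE-2026-31014.json
@@ -5,7 +5,7 @@
 "cveId": "CVE-2026-31014",
 "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
 "assignerShortName": "mitre",
-"dateUpdated": "2026-04-21T14:43:26.766Z",
+"dateUpdated": "2026-04-21T18:21:08.828Z",
 "dateReserved": "2026-03-09T00:00:00.000Z",
 "datePublished": "2026-04-21T00:00:00.000Z"
 },
@@ -53,7 +53,69 @@
 ]
 }
 ]
-}
+},
+"adp": [
+{
+"problemTypes": [
+{
+"descriptions": [
+{
+"type": "CWE",
+"cweId": "CWE-352",
+"lang": "en",
+"description": "CWE-352 Cross-Site Request Forgery (CSRF)"
+}
+]
+}
+],
+"metrics": [
+{
+"cvssV3_1": {
+"scope": "UNCHANGED",
+"version": "3.1",
+"baseScore": 6.3,
+"attackVector": "NETWORK",
+"baseSeverity": "MEDIUM",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
+"integrityImpact": "LOW",
+"userInteraction": "REQUIRED",
+"attackComplexity": "LOW",
+"availabilityImpact": "LOW",
+"privilegesRequired": "NONE",
+"confidentialityImpact": "LOW"
+}
+},
+{
+"other": {
+"type": "ssvc",
+"content": {
+"timestamp": "2026-04-21T18:21:04.933068Z",
+"id": "CVE-2026-31014",
+"options": [
+{
+"Exploitation": "none"
+},
+{
+"Automatable": "no"
+},
+{
+"Technical Impact": "partial"
+}
+],
+"role": "CISA Coordinator",
+"version": "2.0.3"
+}
+}
+}
+],
+"title": "CISA ADP Vulnrichment",
+"providerMetadata": {
+"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+"shortName": "CISA-ADP",
+"dateUpdated": "2026-04-21T18:21:08.828Z"
+}
+}
+]
 },
 "dataVersion": "5.2"
 }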
