CVE-2026-1190 vulnerabilities

Vulnerabilities for packages: keycloak, keycloak-fips...

CVE-2026-1190

creationtimestamp| type| source ---|---|--- 2026-01-26 21:40:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mde7i3kllt26...

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +186 more potentially affected by CVE-2026-1190 via org.keycloak:keycloak-services (>=10.0.0 <=26.5.2)

org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +190 more potentially affected by CVE-2026-1190 via org.keycloak:keycloak-services (>=10.0.0 <=26.5.3)

org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...

CVE-2025-15274

creationtimestamp| type| source ---|---|--- 2025-12-29 05:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-25-1190/ 2025-12-31 07:42:24+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mbbeid3xco2u 2026-01-07 17:08:14+00:00| seen|...

Linux Distros Unpatched Vulnerability : CVE-2011-1190

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to...

CVE-2023-1190

A vulnerability was found in xiaozhuai imageinfo up to 3.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file imageinfo.hpp. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclos...

CVE-2013-1190

The C-Series Rack Server component 1.4 in Cisco Unified Computing System UCS does not properly restrict inbound access to ports, which allows remote attackers to cause a denial of service Integrated Management Controller reboot or hang via crafted packets, as demonstrated by nmap, aka Bug ID...

CVE-2025-1190

A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. This vulnerability affects unknown code of the file /parse/loaduser-profile.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Multiple parameters might be...

CVE-2025-1190 code-projects Job Recruitment load_user-profile.php cross site scripting

A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. This vulnerability affects unknown code of the file /parse/loaduser-profile.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Multiple parameters might be...

CVE-2025-1190 code-projects Job Recruitment load_user-profile.php cross site scripting

A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. This vulnerability affects unknown code of the file /parse/loaduser-profile.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Multiple parameters might be...

CVE-2025-1190

Code-Projects Job Recruitment 1.0 is affected by a cross-site scripting (XSS) vulnerability in the file /_parse/load_user-profile.php. Multiple connected sources consistently identify the flaw as arising from processing user input in that file, with the vulnerability exploitable remotely over net...

CVE-2022-1190

Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc...

CVE-2024-5409

RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details...

CVE-2024-5409

RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details...

CVE-2024-5408

Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "search" parameter of /portal/search.htm. This vulnerability could allow a remote attacker to steal details of a victim's user session by submitting a specially crafted URL...

CVE-2024-5407

A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure...

RhinOS 安全漏洞

RhinOS is a web development framework. A security vulnerability exists in RhinOS version 3.0-1190, which originates from an easy cross-site scripting XSS attack via the search parameter in /portal/search.htm, which allows an attacker to steal details of a victim's user session by submitting a...

RhinOS 代码注入漏洞

RhinOS is a web development framework. A code injection vulnerability exists in RhinOS version 3.0-1190, which stems from the ease of injecting PHP code via the search parameter in /portal/search.htm, which could lead to an attacker executing a reverse shell and compromising the entire...

SUSE SLES15 Security Update : less (SUSE-SU-2024:1190-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1190-1 advisory. - closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE. CVE-2022-48624 Note that Nessus has not tested for thi...