95 matches found
Keycloak < 26.4.11 Multiple Vulnerabilities
Keycloak versions installed prior to 26.4.11 are affected by multiple vulnerabilities: - A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an...
@backingman/keycloak (=0.0.0-alpha), @backstage-community/plugin-catalog-backend-module-keycloak (>=3.1.1 <=3.17.2) +86 more potentially affected by CVE-2026-2366 via @keycloak/keycloak-admin-client (>=15.1.0 <=26.5.5)
@keycloak/keycloak-admin-client NPM version =15.1.0, =3.1.1, =0.1.1, =0.1.1, =0.1.1, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =2.0.2 and more Source cves: CVE-2026-2366 Source advisory: OSV:GHSA-R8JR-WG88-FQ5C...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +191 more potentially affected by CVE-2026-2366 via org.keycloak:keycloak-services (>=10.0.0 <=26.5.5)
org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...
EUVD-2026-2366
Not used...
EUVD-2009-4220
Malware in sbrugna...
CVE-2014-2366
creationtimestamp | type | source
---|---|---
2025-10-06 18:13:44+00:00 | seen | Telegram/NeS3YEZm4TZzbS7YyA5Pe6b0lJ3rCQ-XCf8dD3fLfFP3Mz4...
CVE-2023-2366
A vulnerability was found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajax.php?action=deleteclass. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...
CVE-2013-2366
Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors, aka ZDI-CAN-1802...
CVE-2002-2366
Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml...
CVE-2025-2366
creationtimestamp | type | source
---|---|---
2025-03-17 07:46:19+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/7740
2025-03-17 09:06:05+00:00 | seen | https://t.me/cvedetector/20433
2025-03-17 09:46:23+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lkkuoludq...
CVE-2025-2366
CVE-2025-2366 affects gougucms 4.08.18. The vulnerability is in the Add Department Page component (function add) where manipulating the argument title leads to cross-site scripting (XSS). The issue can be exploited remotely, with public disclosure of the exploit. Documents consistently identify t...
CVE-2025-2366 gougucms Add Department Page add cross site scripting
A vulnerability, which was classified as problematic, was found in gougucms 4.08.18. This affects the function add of the file /admin/department/add of the component Add Department Page. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack...
Linux Distros Unpatched Vulnerability : CVE-2016-2366
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially resul...
CVE-2024-2366 Remote Code Execution in parisneo/lollms-webui
A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstall_binding functionality in lollms_core/lollms/server/endpoints/lollms_binding_infos.py of the latest version. The vulnerability arises due to insufficient path sanitization, allowing...
Rocky Linux 9 : freeglut (RLSA-2024:2366)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2366 advisory. - freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function. CVE-2024-24258 - freeglut through...
RHEL 5 : pidgin (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pidgin: Out-of-bounds write in purple_markup_unescape_entity triggered by invalid XML CVE-2017-2640 - A deni...
Oracle Linux 9 : freeglut (ELSA-2024-2366)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2366 advisory. 3.2.1-10 - Fix CVE-2024-24258 and CVE-2024-24259 Resolves: https://issues.redhat.com/browse/RHEL-25176 Resolves:...
Oracle Linux 9 : emacs (ELSA-2023-2366)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2366 advisory. 1:27.2-8 - Use a 64KB page size for pdump 1979804 1:27.2-7 - Fix ctags local command execute vulnerability 2149387 Tenable has extracted the preceding descripti...
RHEL 9 : emacs (RHSA-2023:2366)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:2366 advisory. GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language elisp, and the...