22 matches found
CVE-2026-7307
creationtimestamp| type| source
---|---|---
2026-05-19 13:17:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mm7i2vkom32i...
CVE-2026-7307 Keycloak: keycloak: denial of service via specially crafted saml input
A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service (DoS) where the server becomes...
CVE-2026-7307
A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service (DoS) where the server becomes...
EUVD-2021-7307
Malicious code in bioql PyPI...
CVE-2025-7307 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability
IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...
CVE-2015-7307
Cross-site scripting (XSS) vulnerability in the CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the configuration page...
CVE-2024-7307
creationtimestamp| type| source
---|---|---
2024-07-31 11:49:06+00:00| seen| https://t.me/cvedetector/2122...
CVE-2024-7307
A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /managebilling.php. The manipulation of the argument id leads to SQL injection. The attack can be launche...
CVE-2024-7307
Summary (CVE-2024-7307): A SQL injection vulnerability exists in SourceCodester Establishment Billing Management System v1.0, triggered by manipulating the id parameter in the file /manage_billing.php. The issue is exploitable remotely and affects an unknown functionality. Public exploitation det...
Malicious code in wlwz-2312-7307 (npm)
Source: ghsa-malware 2239b50f93c5b334f6bcfc37d7a6551d3bfa3ac18887814ec44ddfcc796efb3a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2008-7307
CVE-2008-7307 is rejected and not used; this candidate number was withdrawn.
CVE-2008-7307
...
CVE-2020-7307
CVE-2020-7307 affects McAfee Data Loss Prevention (DLP) for Mac/V11.x in which credentials are stored in unprotected log files. The root cause is Unprotected Storage of Credentials allowing local users to access RiskDB credentials (username/password) prior to version 11.5.2. Public references in ...
CVE-2018-7307
Auth0.js (Auth0.js library) is affected up to and including version 9.3, where CSRF can occur if the authorization response lacks the state parameter. Root cause: improper handling of missing state in the response. Impact: CSRF vulnerability with high CVSS3 score (8.8) and notable risks of unauth...
CVE-2018-7307
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter...
CVE-2016-7307
...
CVE-2016-7307
CVE-2016-7307 is rejected/not used; this entry does not represent an active vulnerability.
CVE-2017-7307
Riverbed RiOS before 9.0.1 is vulnerable to an elevation-of-privilege in which shell access is not properly restricted in single-user mode. An attacker with physical proximity can replace the /opt/tms/bin/cli binary to obtain root privileges and access decrypted data. The CVSS data indicates high...
CVE-2015-7307
The CVE-2015-7307 entry describes a cross-site scripting (XSS) vulnerability in the Drupal CMS Updater module (7.x-1.x) prior to version 7.x-1.3. The issue arises on the module’s configuration page where user-supplied text is not properly sanitized, enabling remote attackers to inject arbitrary w...
CMS Updater - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2015-150
CMS Updater allows updating Drupal core automatically with a subscription service. Access bypass: The module does not sufficiently protect the settings page, allowing any user with the permission "access administration pages" to change settings. This vulnerability is mitigated by the fact that an...