
14 matches found

Cvelist
added last week, 23 views

CVE-2026-9791 Keycloak-rhel9: organization data leak after feature disabled in keycloak

A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API, or by requesting an OpenID Connect (OIDC) token with the 'organization' scope. This allows organization metadata to be disclosed in...

4.3 CVSS, 0.00028 EPSS
Exploits: 0, References: 2

EUVD
added last week, 6 views

EUVD-2026-32701

A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API, or by requesting an OpenID Connect (OIDC) token with the 'organization' scope. This allows organization metadata to be disclosed in...

4.3 CVSS, 5.7 AI score, 0.00028 EPSS
Exploits: 0, References: 2

OSV
added 2026/05/06 2:45 p.m., 1 view

BIT-JAVA-MIN-2025-30761

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Scripting. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf and 11.0.27; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows...

5.9 CVSS, 7.2 AI score, 0.00559 EPSS
Exploits: 0, References: 6

NVD
added 2025/11/25 6:15 p.m., 2 views

CVE-2025-13483

SiRcom SMART Alert (SiSA) allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application...

8.8 CVSS, 0.00279 EPSS
Exploits: 0, References: 1

CNNVD
added 2025/09/04 12:00 a.m., 2 views

Google Android Security Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel, developed by Google Inc. and the Open Handset Alliance, and is mainly used for smartphones, tablets and other devices. Google Android suffers from an obfuscated proxy vulnerability that can be exploited by...

7.1 CVSS, 6.5 AI score, 0.00003 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/05/22 8:54 p.m., 1 view

CVE-2021-37864

Mattermost 6.1 and earlier fails to sufficiently validate permissions while viewing archived channels, which allows authenticated users to view contents of archived channels even when this is denied by system administrators by directly accessing the APIs...

6.5 CVSS, 6.6 AI score, 0.00177 EPSS
Exploits: 0, References: 1

CNNVD
added 2025/02/06 12:00 a.m., 1 view

mitmproxy Security Vulnerability

mitmproxy is an interactive, SSL/TLS-enabled intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets, from the open source mitmproxy project. A security vulnerability exists in mitmproxy version 11.1.1 and earlier, which stems from a malicious client that can utilize the proxy server...

8.2 CVSS, 7.5 AI score, 0.03579 EPSS
Exploits: 0, References: 3

NVD
added 2024/12/06 1:15 p.m., 17 views

CVE-2024-10774

Unauthenticated CROWN APIs allow access to critical functions. This leads to the accessibility of large parts of the web application without authentication...

7.3 CVSS, 0.00289 EPSS
Exploits: 0, References: 6

Vulnrichment
added 2024/09/05 10:49 a.m., 12 views

CVE-2024-5957

This vulnerability allows unauthenticated remote attackers to bypass authentication and gain API access to the Manager...

6.3 CVSS, 7.5 AI score, 0.00079 EPSS
Exploits: 0, References: 1

RedHat Linux
added 2024/01/17 9:07 a.m., 4 views

OpenJDK: range check loop optimization issue (8314307)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or...

5.9 CVSS, 7.2 AI score, 0.0022 EPSS
Exploits: 0, References: 5

Positive Technologies
added 2023/07/17 12:00 a.m., 1 view

PT-2023-25327 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost (affected versions not specified). Description: The issue is related to Mattermost failing to properly validate the origin of a websocket connection. This allows a Man-In-The-Middle (MITM) attacker on Mattermost to access the websocket...

8.1 CVSS, 7.7 AI score, 0.00188 EPSS
Exploits: 0, References: 8

OSV
added 2022/08/10 8:16 p.m., 0 views

CVE-2022-36923

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external...

7.5 CVSS, 5.8 AI score, 0.26837 EPSS
Exploits: 0, References: 1

OSV
added 2021/01/20 1:13 p.m., 0 views

USN-4689-3 nvidia-graphics-drivers-418-server, nvidia-graphics-drivers-450-server vulnerabilities

It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial of service or escalate privileges. (CVE-2021-1052) It was discovered that the NVIDIA...

7.8 CVSS, 6.5 AI score, 0.00201 EPSS
Exploits: 0, References: 3

CNVD
added 2020/06/22 12:00 a.m., 1 view

Mattermost Desktop App Access Control Error Vulnerability

Mattermost Desktop App is a messaging desktop application from Mattermost USA. An Access Control Error vulnerability exists in Mattermost Desktop App versions prior to 4.4.0, which stems from the program's failure to properly handle the same-origin policy and can be exploited by an attacker to...

7.5 CVSS, 6.8 AI score, 0.00148 EPSS
Exploits: 0, References: 1