207 matches found
CVE-2026-46455
Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks... with only the subject-exists check and the realm-URL issuer check. Keycloak's...
CVE-2026-46455
Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks... with only the subject-exists check and the realm-URL issuer check. Keycloak's...
CVE-2026-46455
CVE-2026-46455 affects Apache Camel with the camel-keycloak component. The security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks(...) that only enforces subject and issuer, but omits the default IS_ACTIVE check. Consequently, the verifie...
EUVD-2026-41829
Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks... with only the subject-exists check and the realm-URL issuer check. Keycloak's...
CVE-2026-9549
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-9549 Fix XSS in service discovery active check output
Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: quota: fixed the loop condition in f2fsquotasync The parameter cnt should be passed to sbhasquotaactive, rather than type, to correctly check the active quota. Moreover, when the type is -1, the compiler, with sufficient...
CVE-2026-44561
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the isuserchannelmember function checks whether a ChannelMember row exists but does not check the isactive field. When a user is deactivated from a group or DM channel removed by the...
CVE-2026-44561 Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the isuserchannelmember function checks whether a ChannelMember row exists but does not check the isactive field. When a user is deactivated from a group or DM channel removed by the...
Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels
Deactivated Channel Members Retain Full Access to Group/DM Channels Affected Component Channel membership authorization check: - backend/openwebui/models/channels.py lines 663-673, isuserchannelmember - Used at 15 locations in backend/openwebui/routers/channels.py Affected Versions Current main...
PT-2026-39278
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description In the self-hosted artificial intelligence platform Open WebUI, the is user channel member function fails to verify the is active field when checking channel membership. When a user is removed fro...
CVE-2026-23105 net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag
In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use clisactive to determine whether class is active in qfqrmfromag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq...
Synology DiskStation Manager (DSM) File Disclosure Vulnerability (Synology-SA-24:20) - Active Check
Synology DiskStation Manager DSM is prone to a file disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
mDNS Service Amplification Attack (UDP) - Active Check
A publicly accessible service supporting the Multicast DNS mDNS protocol can be exploited to participate in a Distributed Denial of Service DDoS attack. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
SUSE SLES15 Security Update : kernel RT (Live Patch 0 for SLE 15 SP6) (SUSE-SU-2025:02390-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02390-1 advisory. This update for the Linux Kernel 6.4.0-1506008 fixes several issues. The following security issues were fixed: - CVE-2024-53146: NFSD: Prevent...
Exploit for CVE-2025-2294
CVE-2025-2294 kubio-cve-2025-2294active.yaml - в шаблоне реал...
CVE-2022-49282 f2fs: quota: fix loop condition at f2fs_quota_sync()
In the Linux kernel, the following vulnerability has been resolved: f2fs: quota: fix loop condition at f2fsquotasync cnt should be passed to sbhasquotaactive instead of type to check active quota properly. Moreover, when the type is -1, the compiler with enough inline knowledge can discard...
net/mlx5: fs, lock FTE when checking if active
...
Dahua Devices Information Disclosure Vulnerability (Jan 2025) - Active Check
Multiple Dahua devices and their OEMs are prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
Amcrest Technologies IP Camera Information Disclosure Vulnerability (Dec 2024) - Active Check
Multiple Amcrest Technologies IP Cameras are prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...