Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/05/28 3:44 a.m.35 views

CVE-2026-9792 Keycloak: keycloak: security restriction bypass allows unauthorized ropc token acquisition

A flaw was found in Keycloak's Client Policies, specifically within the org.keycloak.protocol.oidc component. When certain condition providers client-type, client-roles, client-attributes, client-scopes are used to enforce security restrictions, the reject-ropc-grant executor is silently bypassed...

6.5CVSS0.00267EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.9 views

PT-2026-44183

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in the org.keycloak.protocol.oidc component of Keycloak's Client Policies. When specific condition providers—client-type, client-roles, client-attributes, or client-scopes—are...

6.5CVSS5.1AI score0.00267EPSS
Exploits0References10
OSV
OSV
added 2026/05/19 7:30 p.m.5 views

GHSA-M23H-6MWM-39M8 Kong Ingress Controller for Kubernetes (KIC): Cross-namespace TLS Secret Exfiltration in Gateways with GatewayClass missing `konghq.com/gatewayclass-unmanaged: 'true'` annotation

Summary A vulnerability in the Kong Ingress Controller KIC allows for the unauthorized exfiltration of TLS certificates and private keys across Kubernetes namespace boundaries. In "managed" mode where the GatewayClass lacks an unmanaged annotation, the Gateway TLS translator skips critical status...

6.9CVSS5.9AI score
Exploits0References5
EUVD
EUVD
added 2026/05/15 7:30 p.m.22 views

EUVD-2026-30613

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the POST /api/v1/models/import endpoint allows users with the workspace.modelsimport permission to overwrite any existing model in the database, regardless of ownership. When an...

6.5CVSS5.8AI score0.0029EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/08 7:52 p.m.9 views

Open WebUI's Model Import Overwrites Any Model Without Ownership Check

Model Import Overwrites Any Model Without Ownership Check Affected Component Model import endpoint: - backend/openwebui/routers/models.py lines 254-308, importmodels Affected Versions Current main branch commit 6fdd19bf1 and likely all versions with model import functionality. Description The POS...

6.5CVSS5.8AI score0.0029EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/16 5:8 p.m.2 views

CVE-2026-24749

The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which...

5.3CVSS5.7AI score0.00398EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder