3659 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 8 : thunderbird-102.4.0-1.el8.ML.1 (AXSA:2022-3945:15)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3945:15 advisory. Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators CVE-2022-39249 Mozilla: Matrix...

CVSS 8.8 | AI score 5.8 | EPSS 0.00992
Exploits: 0 | References: 9

Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 9 : thunderbird-102.4.0-1.el9.ML.1 (AXSA:2022-4248:24)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-4248:24 advisory. Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators CVE-2022-39249 Mozilla: Matrix...

CVSS 8.8 | AI score 8.3 | EPSS 0.00992
Exploits: 0 | References: 9

Snyk
added 2026/01/15 3:31 p.m., 3 views

Improper Validation of Syntactic Correctness of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input due to the improper validation of matrix parameters in URL paths in JAX-RS routing layer. An attacker can gain access to administrative or sensitive endpoints by crafting requests th...

CVSS 6.3 | AI score 5.5 | EPSS 0.00354
Exploits: 0 | References: 2

OSV
added 2026/01/15 3:31 p.m., 4 views

GHSA-V897-PV23-R8CW Keycloak has an improper input validation vulnerability

A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. A remote attacker can craft requests to mask path segments,...

CVSS 3.7 | AI score 5.9 | EPSS 0.00354
Exploits: 0 | References: 4

Github Security Blog
added 2026/01/15 3:31 p.m., 10 views

Keycloak has an improper input validation vulnerability

A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. A remote attacker can craft requests to mask path segments,...

CVSS 3.7 | AI score 6.6 | EPSS 0.00354
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2026/01/15 1:16 p.m., 7 views

CVE-2026-0976

A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. A remote attacker can craft requests to mask path segments,...

CVSS 3.7 | EPSS 0.00354
Exploits: 0 | References: 2

ATTACKERKB
added 2026/01/15 12:6 p.m., 4 views

CVE-2026-0976

A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. A remote attacker can craft requests to mask path segments,...

CVSS 3.7 | AI score 5.5 | EPSS 0.00354
Exploits: 0 | References: 3

Cvelist
added 2026/01/15 12:6 p.m., 26 views

CVE-2026-0976 Org.keycloak/keycloak-quarkus-server: keycloak: proxy bypass due to improper handling of matrix parameters in url paths

A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. A remote attacker can craft requests to mask path segments,...

CVSS 3.7 | EPSS 0.00354
Exploits: 0 | References: 2

Vulnrichment
added 2026/01/15 12:6 p.m., 3 views

CVE-2026-0976 Org.keycloak/keycloak-quarkus-server: keycloak: proxy bypass due to improper handling of matrix parameters in url paths

A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. A remote attacker can craft requests to mask path segments,...

CVSS 3.7 | AI score 6.2 | EPSS 0.00354
Exploits: 0 | References: 2

EUVD
added 2026/01/15 12:6 p.m., 3 views

EUVD-2026-2822

A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. A remote attacker can craft requests to mask path segments,...

CVSS 3.7 | AI score 6.1 | EPSS 0.00354
Exploits: 0 | References: 3

CVE
added 2026/01/15 12:6 p.m., 14 views

CVE-2026-0976

Keycloak contains an improper input validation vulnerability (CVE-2026-0976) where RFC-compliant matrix parameters in URL path segments can be processed in ways that bypass reverse-proxy path filtering, potentially exposing administrative or sensitive endpoints. Affected component commonly cited ...

CVSS 3.7 | AI score 6.2 | EPSS 0.00354
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/15 12:6 p.m., 6 views

CVE-2026-0976

A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. A remote attacker can craft requests to mask path segments,...

CVSS 3.7 | AI score 6.7 | EPSS 0.00354
Exploits: 0 | References: 3

Positive Technologies
added 2026/01/15 12:0 a.m., 6 views

PT-2026-2984

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak related to improper input validation. The software accepts RFC-compliant matrix parameters within URL path segments, which may be ignored or mishandled by common...

CVSS 3.7 | AI score 6.3 | EPSS 0.00354
Exploits: 0 | References: 5

CNNVD
added 2026/01/15 12:0 a.m., 5 views

Keycloak input validation error vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a vulnerability related to input validation. This vulnerability arises from improper input validation, as it accepts RFC-compliant matrix parameters from URL path segments. This could all...

CVSS 3.7 | AI score 5.8 | EPSS 0.00354
Exploits: 0 | References: 2

AstraLinux
added 2026/01/13 2:1 p.m., 4 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Ensure that the XFD state is preserved during signal delivery. Sean reported the following error when running KVM tests: WARNING: CPU: 232 PID: 15391 at xfd_validate_state+0x65/0x70 Call Trace: fpu__clear_user_states+0x9c/0x10...

AI score 5.6 | EPSS 0.00168
Exploits: 0 | References: 2

Packet Storm News
added 2026/01/11 12:0 a.m., 4 views

LINEture: Novel Signature Cryptosystem

We propose a novel digital signature cryptosystem that exploits the concept of the brute-force problem. To ensure the security of the cryptosystem, we employed several mechanisms: sharing a common secret for factorable permutations, associating permutations with the message being signed, and...

AI score 7
Exploits: 0

RedhatCVE
added 2026/01/09 10:40 a.m., 7 views

CVE-2022-35740

dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users. Some Java application frameworks, including those used ...

CVSS 6.1 | AI score 6.3 | EPSS 0.01192
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:11 a.m., 5 views

CVE-2019-11340

util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on...

CVSS 5.9 | AI score 6.7 | EPSS 0.01861
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:9 a.m., 7 views

CVE-2019-11842

An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID...

CVSS 7.5 | AI score 6.9 | EPSS 0.0178
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:33 a.m., 6 views

CVE-2024-39094

Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters...

CVSS 5.4 | AI score 6.1 | EPSS 0.00323
Exploits: 1 | References: 1