Lucene search
4209 matches found

RedHat Linux
added 2026/04/02 1:53 p.m., 2 views

keycloak: Keycloak: Replay of action tokens via improper handling of single-use entries

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...

CVSS 5.3, AI score 6, EPSS 0.00046
Exploits: 0, References: 4
NVD
added 2026/04/02 1:16 p.m., 2 views

CVE-2026-4325

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...

CVSS 5.3, EPSS 0.00046
Exploits: 0, References: 6
Vulnrichment
added 2026/04/02 12:44 p.m., 1 views

CVE-2026-4325 Keycloak: keycloak: replay of action tokens via improper handling of single-use entries

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...

CVSS 5.3, AI score 5.9, EPSS 0.00046
Exploits: 0, References: 6
RedhatCVE
added 2026/04/02 12:37 p.m., 1 views

CVE-2026-4325

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...

CVSS 5.3, AI score 5.9, EPSS 0.00046
Exploits: 0, References: 3
SUSE CVE
added 2026/04/02 8:39 a.m., 6 views

SUSE CVE-2026-23403

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix memory leak in verify_header. The function sets ns = NULL on every call, leaking the namespace string allocated in previous iterations when multiple profiles are unpacked. This also breaks namespace consistency checki...

CVSS 6.6, AI score 5.8, EPSS 0.00011
Exploits: 0, References: 22
SUSE CVE
added 2026/04/02 8:39 a.m., 5 views

SUSE CVE-2026-23408

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix double free of ns_name in aa_replace_profiles(). If ns_name is NULL after 1071 error = aa_unpack(udata, &lh, &ns_name); and if ent->ns_name contains an ns_name in 1089 else if (ent->ns_name) then ns_name is assigned the ent->ns_name 109...

CVSS 6.1, AI score 5.7, EPSS 0.00009
Exploits: 0, References: 22
CNNVD
added 2026/04/02 12:0 a.m., 4 views

Keycloak Security Vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability that stems from the lack of proper type and namespace isolation in SingleUseObjectProvider. This vulnerability could allow attackers to delete single-use entries, thereb...

CVSS 5.3, AI score 5.8, EPSS 0.00046
Exploits: 0, References: 6
CNNVD
added 2026/04/02 12:0 a.m., 7 views

Keycloak Security Vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the lack of proper type and namespace isolation in SingleUseObjectProvider. This vulnerability could allow unverified attackers to forge authorization...

CVSS 7.4, AI score 5.8, EPSS 0.00021
Exploits: 0, References: 6
Positive Technologies
added 2026/04/02 12:0 a.m., 2 views

PT-2026-29730

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...

CVSS 5.3, AI score 5.9, EPSS 0.00046
Exploits: 0, References: 3
Snyk
added 2026/04/01 8:30 p.m., 5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via batch operation. An attacker can perform unauthorized operations such as signaling, deleting, or resetting workflows or activities in another namespace by manipulating the namespace...

CVSS 4.9, AI score 5.9, EPSS 0.00058
Exploits: 0, References: 2
Snyk
added 2026/04/01 8:30 p.m., 0 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via batch operation. An attacker can perform unauthorized operations such as signaling, deleting, or resetting workflows or activities in another namespace by manipulating the namespace...

CVSS 4.9, AI score 5.9, EPSS 0.00058
Exploits: 0, References: 2
GitHub Security Blog
added 2026/04/01 6:36 p.m., 11 views

Temporal Server: attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster

A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...

CVSS 2.3, AI score 6.1, EPSS 0.00058
Exploits: 0, References: 4, Affected Software: 1
EUVD
added 2026/04/01 6:36 p.m., 4 views

EUVD-2026-17995

A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...

CVSS 2.3, AI score 6, EPSS 0.00058
Exploits: 0, References: 3
OSV
added 2026/04/01 6:36 p.m., 3 views

GHSA-XPG8-3HHP-P7W8 Temporal Server: attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster

A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...

CVSS 2.3, AI score 6.1, EPSS 0.00058
Exploits: 0, References: 4
NVD
added 2026/04/01 6:16 p.m., 4 views

CVE-2026-5199

A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...

CVSS 2.3, EPSS 0.00058
Exploits: 0, References: 2
ATTACKERKB
added 2026/04/01 5:49 p.m., 1 views

CVE-2026-5199

A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...

CVSS 2.3, AI score 6, EPSS 0.00058
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2026/04/01 5:49 p.m., 13 views

CVE-2026-5199

The CVE-2026-5199 issue arises from a bug in Temporal Server v1.29.0 where a writer in an attacker-controlled namespace could signal, delete, or reset workflows/activities in a victim namespace on the same cluster. The root cause is that the batch activity validated the victim namespace ID but di...

CVSS 2.3, AI score 6, EPSS 0.00058
Exploits: 0, References: 2
Vulnrichment
added 2026/04/01 5:49 p.m., 0 views

CVE-2026-5199 Cross Namespace Access via Batch Operation

A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...

CVSS 2.3, AI score 6, EPSS 0.00058
Exploits: 0, References: 2
Cvelist
added 2026/04/01 5:49 p.m., 20 views

CVE-2026-5199 Cross Namespace Access via Batch Operation

A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...

CVSS 2.3, EPSS 0.00058
Exploits: 0, References: 2
RedhatCVE
added 2026/04/01 1:44 p.m., 5 views

CVE-2026-23403

A flaw was found in AppArmor within the Linux kernel. This vulnerability, located in the verify_header function, causes a memory leak by incorrectly handling namespace strings when multiple security profiles are processed. This can lead to a gradual depletion of system memory, potentially impactin...

AI score 5.8, EPSS 0.00011
Exploits: 0, References: 4