CVE-2026-3190

A flaw was found in Keycloak. The User-Managed Access UMA 2.0 Protection API endpoint for permission tickets fails to enforce the umaprotection role check. This allows any authenticated user with a token issued for a resource server client, even without the umaprotection role, to enumerate all...

CVE-2026-3190 Keycloak: keycloak: information disclosure via improper role enforcement in uma 2.0 protection api

A flaw was found in Keycloak. The User-Managed Access UMA 2.0 Protection API endpoint for permission tickets fails to enforce the umaprotection role check. This allows any authenticated user with a token issued for a resource server client, even without the umaprotection role, to enumerate all...

CVE-2026-3190

CVE-2026-3190 affects Keycloak via the UMA 2.0 Protection API endpoint for permission tickets, where the required uma_protection role check is not enforced. As a result, any authenticated user with a token issued for a resource server client can enumerate all permission tickets, leading to partia...

Brute Force

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Brute Force via the getapivideopasswordiscorrect API endpoint, which allows unauthenticated users to verify passwords for protected videos without rate limiting or...

CVE-2026-29092

Kiteworks is a private data network PDN. Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally...

CVE-2026-3857

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection...

CVE-2026-28895

The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. An attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to access biometrics-gated Protected Apps with the passcode...

CVE-2026-0108

The register protection of the PowerVR GPU is incorrectly configured. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-69246

Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automated logon requests without triggering lockout, throttling, or step-up challenges. This issue was fixed in version 1.4.6...

CVE-2026-33393

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the allowedspamhostdomains check used Stringendwith? without domain boundary validation, allowing domains like attacker-example.com to bypass spam protection when example.com was...

CVE-2026-33071

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, the WebDAV upload endpoint accepts any file extension including .phtml, .php5, .htaccess, and other server-side executable types, bypassing the filename validation enforced by the regular upload path. In...

CVE-2026-28449

OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid signed webhook requests to be replayed without suppression. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound message processing an...

CVE-2026-4270

Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions = 0.2.14 and 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To...

CVE-2026-22181

OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch paths that allows attackers to circumvent SSRF guards when environment proxy variables are configured. When HTTPPROXY, HTTPSPROXY, or ALLPROXY environment variables are present, attacker-influenced...

CVE-2026-0230

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection...

CVE-2026-23658

Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network...

CVE-2026-32261

Webhooks for Craft CMS plugin adds the ability to manage “webhooks” in Craft CMS, which will send GET or POST requests when certain events occur. From version 3.0.0 to before version 3.2.0, the Webhooks plugin renders user-supplied template content through Twig’s renderString function without...

CVE-2026-33507

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/pluginImport.json.php endpoint allows admin users to upload and install plugin ZIP files containing executable PHP code, but lacks any CSRF protection. Combined with the application explicitly setting...

CVE-2026-4283

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the super-unsubscribe AJAX action accepting a processnow parameter from unauthenticated users, which bypasses the intended email-confirmation...

Protection Mechanism Failure

github.com/envoyproxy/envoy is vulnerable to Protection Mechanism Failure. The vulnerability is due to accepting and forwarding client data before a successful 2xx response in TCP proxy mode, which allows an attacker to cause desynchronization when upstream proxies reject the CONNECT request...