6911 matches found

CNNVD
added 2026/03/18 12:00 a.m.

Keycloak security vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the SAML proxy endpoint failing to properly verify encrypted assertions. This vulnerability may lead to unauthorized access and information leakage...

CVSS 7.7 | AI score 5.8 | EPSS 0.00105
Exploits 0 | References 7
CNNVD
added 2026/03/18 12:00 a.m.

Keycloak security vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the lack of enforcement of size limits in SAML redirection bindings. This vulnerability may lead to application-level denial-of-service attacks...

CVSS 5.3 | AI score 5.8 | EPSS 0.0003
Exploits 0 | References 5
Positive Technologies
added 2026/03/18 12:00 a.m.

PT-2026-25967

Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw exists in Keycloak's Security Assertion Markup Language (SAML) broker endpoint. The endpoint does not properly validate encrypted assertions when the overall SAML response is not signed...

CVSS 7.7 | AI score 6 | EPSS 0.00105
Exploits 0 | References 17
FreeBSD
added 2026/03/18 12:00 a.m.

nghttp2 -- CWE-617: Reachable Assertion

https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 reports: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when the user-facing public API nghttp2_session_terminate_sessi...

CVSS 7.5 | AI score 5.9 | EPSS 0.0003
Exploits 0 | References 1
Redos
added 2026/03/17 12:00 a.m.

ROS-20260317-73-0034

A vulnerability in the populate_free_space_tree function in the fs/btrfs/free-space-tree.c module of the btrfs file system of the Linux kernel is associated with a reachable assertion. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 | AI score 5.8 | EPSS 0.00022
Exploits 0
OSSF Malicious Packages
added 2026/03/16 12:00 a.m.

Malicious code in no-type-assertion (npm)

The package 'no-type-assertion' is part of the PhantomRaven supply chain attack campaign (Wave 2). It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score 5.5
Exploits 0 | References 3
OSV
added 2026/03/16 12:00 a.m.

MAL-2026-1524 Malicious code in no-type-assertion (npm)

The package 'no-type-assertion' is part of the PhantomRaven supply chain attack campaign (Wave 2). It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

AI score 5.6
Exploits 0 | References 3
SUSE CVE
added 2026/03/15 12:07 p.m.

SUSE CVE-2017-18909

An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory...

CVSS 7.5 | AI score 5.8 | EPSS 0.00148
Exploits 0 | References 3
Tenable Nessus
added 2026/03/13 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2026-32249

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combini...

CVSS 5.5 | AI score 6 | EPSS 0.00016
Exploits 0 | References 3
Snyk
added 2026/03/12 4:23 p.m.

Malicious Package

Overview: no-type-assertion is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior: The...

CVSS 9.8 | AI score 5.9
Exploits 0 | References 3
OSV
added 2026/03/10 4:05 p.m.

SUSE-SU-2026:0859-1 Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: - CVE-2025-69228: Fixed denial of service through large payloads (bsc#1256022). - CVE-2025-69226: Fixed brute-force leak of internal static file path components (bsc#1256020). - CVE-2025-69224: Fixed unicode processing of header values could...

CVSS 8.7 | AI score 7.1 | EPSS 0.0007
Exploits 0 | References 16
Redos
added 2026/03/10 12:00 a.m.

ROS-20260310-73-0032

A vulnerability in the slapd server implementation of the OpenLDAP LDAP protocol is related to a flaw in the use of the assert function. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service using a malicious packet...

CVSS 7.5 | AI score 7.3 | EPSS 0.35675
Exploits 0
Snyk
added 2026/03/09 12:43 p.m.

Origin Validation Error

Overview: apache-airflow-providers-amazon is a Provider for Apache Airflow. Implements the apache-airflow-providers-amazon package. Affected versions of this package are vulnerable to Origin Validation Error in the SAML authentication process due to improper verification of the origin provided by the...

CVSS 9.6 | AI score 5.8 | EPSS 0.00016
Exploits 1 | References 2
Github Security Blog
added 2026/03/09 12:31 p.m.

Apache Airflow AWS Auth Manager has Host Header Injection Leading to SAML Authentication Bypass

In AWS Auth Manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed gaining access to different instances with potentially different access controls by reusing a SAML response from other instances. You...

CVSS 5.4 | AI score 5.7 | EPSS 0.00016
Exploits 1 | References 6 | Affected Software 1
EUVD
added 2026/03/09 12:31 p.m.

EUVD-2026-10318

In AWS Auth Manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed gaining access to different instances with potentially different access controls by reusing a SAML response from other instances. You...

CVSS 5.4 | AI score 5.7 | EPSS 0.00016
Exploits 1 | References 3
OSV
added 2026/03/09 11:16 a.m.

CVE-2026-25604

In AWS Auth Manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed gaining access to different instances with potentially different access controls by reusing a SAML response from other instances. You...

CVSS 5.4 | AI score 5.7
Exploits 0 | References 3
Vulnrichment
added 2026/03/09 10:39 a.m.

CVE-2026-25604 Apache Airflow AWS Auth Manager - Host Header Injection Leading to SAML Authentication Bypass

In AWS Auth Manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed gaining access to different instances with potentially different access controls by reusing a SAML response from other instances. You...

AI score 5.7 | EPSS 0.00016
Exploits 1 | References 2
ATTACKERKB
added 2026/03/09 10:39 a.m.

CVE-2026-25604

In AWS Auth Manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed gaining access to different instances with potentially different access controls by reusing a SAML response from other instances. You...

CVSS 5.4 | AI score 5.7 | EPSS 0.00016
Exploits 1 | References 3 | Affected Software 1
CNNVD
added 2026/03/09 12:00 a.m.

Apache Airflow security vulnerability

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Prior to Apache Airflow 9.22.0, there were security...

CVSS 5.4 | AI score 5.8 | EPSS 0.00016
Exploits 1 | References 4
Veracode
added 2026/03/07 5:14 a.m.

Denial Of Service (DoS)

Python-Markdown is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of malformed HTML-like sequences during Markdown parsing, where html.parser.HTMLParser may raise an unhandled AssertionError, allowing attacker-supplied Markdown input to crash the application...

CVSS 7.5 | AI score 5.8 | EPSS 0.00385
Exploits 1 | References 7 | Affected Software 1