GHSA-594W-2FWP-JWRC Keycloak Admin REST API exposes backend schema and rules

A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control...

A new era of agents, a new era of posture

The rise of AI Agents marks one of the most exciting shifts in technology today. Unlike traditional applications or cloud resources, these agents are not passive components- they reason, make decisions, invoke tools, and interact with other agents and systems on behalf of users. This autonomy...

EUVD-2026-3683

A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control...

Side-Channel Attacks on Open VSwitch

Virtualization is widely adopted in cloud systems to manage resource sharing among users. A virtualized environment usually deploys a virtual switch within the host system to enable virtual machines to communicate with each other and with the physical network. The Open vSwitch OVS is one of the...

CVE-2025-66803

Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays e.g. delaying requests based on sequence or...

CVE-2025-55249

HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks...

CVE-2025-36419

IBM ApplinX 11.1 could disclose sensitive information about server architecture that could aid in further attacks against the system...

security-antipatterns-javascript

Security Anti-Patterns for JavaScript AI coding agents don't...

MiracleLinux 7 : pam-1.1.8-23.0.1.0.2.el7.AXS7 (AXSA:2025-10893:07)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10893:07 advisory. CVE-2025-6020: fix potential privilege escalation in pamnamspace CVEs: CVE-2025-6020 A flaw was found in linux-pam. The module pamnamespace may use access...

Uncovering and Understanding FPR Manipulation Attack in Industrial IoT Networks

In the network security domain, due to practical issues -- including imbalanced data and heterogeneous legitimate network traffic -- adversarial attacks in machine learning-based NIDSs have been viewed as attack packets misclassified as benign. Due to this prevailing belief, the possibility of...

MiracleLinux 8 : kernel-4.18.0-477.10.1.el8_8 (AXSA:2023-5865:16)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5865:16 advisory. use-after-free caused by l2capreassemblesdu in net/bluetooth/l2capcore.c CVE-2022-3564 net/ulp: use-after-free in listening ULP sockets CVE-2023-046...

CVE-2025-55250

HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potentially resulting in information disclosure or aiding further attacks...

CVE-2025-55249

HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks...

CVE-2025-55249 HCL AION is affected by a Missing Security Response Headers vulnerability.

HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks...

EUVD-2026-3208

HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks...

CVE-2025-55249

HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks...

CVE-2025-55249

Technical details (affected product/versions, root cause, exploitability, mitigations) are not publicly available in the provided documents. Monitor for updates from vendor advisories and CVE feeds.

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability that can be exploited by an attacker to expose sensitive technical details, leading to information disclosure or assisting in further attacks...

Abusing the Internet of Medical Things: Evaluating Threat Models and Forensic Readiness for Multi-Vector Attacks on Connected Healthcare Devices

Individuals experiencing interpersonal violence IPV, who depend on medical devices, represent a uniquely vulnerable population as healthcare technologies become increasingly connected. Despite rapid growth in MedTech innovation and "health-at-home" ecosystems, the intersection of MedTech...

raylib security vulnerability

Raylib is a simple and easy-to-use library developed by the creators of raysan5, designed for video game programming. Versions of Raylib starting from 909f040 had security vulnerabilities. These vulnerabilities stemmed from a heap buffer overflow in the GenImageFontAtlas function found in the...