Lucene search

28 matches found

NVD
added 2026/05/19 7:16 a.m. | 9 views

CVE-2026-8830

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

CVSS 4.3 | EPSS 0.00017
Exploits: 0 | References: 2

Cvelist
added 2026/05/19 6:4 a.m. | 36 views

CVE-2026-8830 Keycloak: org.keycloak/keycloak-services: keycloak: policy bypass during webauthn credential registration via client-side javascript manipulation

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

CVSS 4.3 | EPSS 0.00017
Exploits: 0 | References: 2

CVE
added 2026/05/19 6:4 a.m. | 16 views

CVE-2026-8830

Technical details (affected product/version, root cause specifics, impact, or remediation) are not publicly available in the provided documents; monitor for updates.

CVSS 4.3 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2026/05/19 6:4 a.m. | 6 views

EUVD-2026-30841

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

CVSS 4.3 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/19 6:4 a.m. | 7 views

CVE-2026-8830

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

CVSS 4.3 | AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 3

RedhatCVE
added 2026/05/19 5:9 a.m. | 12 views

CVE-2026-8830

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

CVSS 4.3 | AI score 5.7 | EPSS 0.00017
Exploits: 0 | References: 3

NVD
added 2026/05/11 7:16 p.m. | 5 views

CVE-2026-43968

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cowsse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefixlines/2 function...

CVSS 6.3 | EPSS 0.00039
Exploits: 0 | References: 3

CVE
added 2026/01/23 8:37 a.m. | 4 views

CVE-2026-1363

CVE-2026-1363 affects IAQS and I6 by JNC. The issue is described as a Client-Side Enforcement of Server-Side Security vulnerability that lets unauthenticated remote attackers manipulate the web front-end to gain administrator privileges. CVSS metrics indicate high impact to confidentiality, integ...

CVSS 9.8 | AI score 5.5 | EPSS 0.00053
Exploits: 0 | References: 2

NVD
added 2026/01/22 10:16 p.m. | 3 views

CVE-2026-1201

An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2.157 could allow a remote authenticated user to control connected devices outside of their authorized scope via client-side request manipulation...

CVSS 9.4 | EPSS 0.00022
Exploits: 0 | References: 2

Cvelist
added 2026/01/22 9:52 p.m. | 18 views

CVE-2026-1201 Authorization Bypass Through User-Controlled Key in Hubitat Elevation Hubs

An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2.157 could allow a remote authenticated user to control connected devices outside of their authorized scope via client-side request manipulation...

CVSS 9.4 | EPSS 0.00022
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/22 12:0 a.m. | 2 views

PT-2026-4286

Name of the Vulnerable Software and Affected Versions: Hubitat Elevation versions prior to 2.4.2.157. Description: A flaw exists in Hubitat Elevation home automation controllers that allows a remote authenticated user to control connected devices outside of their authorized scope. This is possible...

CVSS 9.4 | AI score 5.3 | EPSS 0.00022
Exploits: 0 | References: 5

Vulnerability Lab
added 2022/01/05 12:0 a.m. | 248 views

Affiliate Pro v1.7 - Multiple Cross Site Vulnerabilities

Document Title: Affiliate Pro v1.7 - Multiple Cross Site Vulnerabilities; References Source: https://www.vulnerability-lab.com/getcontent.php?id=2281; Release Date: 2022-01-05; Vulnerability Laboratory ID VL-ID: ...

AI score 0.2
Exploits: 0

GithubExploit
added 2019/10/09 4:10 a.m. | 109 views

Exploit for Incorrect Default Permissions in Kramerav Viaware

Exploit Title: KRAMER VIAware 2.5.0719.1034 - Remote Code Exec...

CVSS 10 | AI score 9.1 | EPSS 0.23812
Exploits: 5

Veracode
added 2018/11/28 2:22 a.m. | 16 views

Cross-Site Scripting (XSS)

activestorage is vulnerable to cross-site scripting. Signed download URLs that are generated for Google Cloud Storage include content-disposition and content-type parameters which can be modified on the client-side. This allows an attacker to upload specially crafted HTML files and inject arbitra...

CVSS 6.5 | AI score 6.1 | EPSS 0.0026
Exploits: 1 | References: 4 | Affected Software: 1

Exploit DB
added 2018/01/28 12:0 a.m. | 50 views

Netis WF2419 Router - Cross-Site Request Forgery

Exploit Title: Netis-WF2419 Router Cross-Site Request Forgery CSRF; Date: 28/01/2018; Exploit Author: Sajibe Kanti; Author Contact: https://twitter.com/@sajibekantibd; Vendor Homepage: http://www.netis-systems.com/; Version: Netis-WF2419, V2.2.36123; Tested on: Windows 10; Technical Details & Descriptio...

AI score 7.4
Exploits: 0

Tenable Nessus
added 2017/03/31 12:0 a.m. | 14 views

Cross-Site Scripting (XSS) in HTML tag

Client-side scripts are used extensively by modern web applications. They perform functions ranging from simple text formatting to full manipulation of client-side data and operating system interaction. Cross-Site Scripting (XSS) allows clients to inject scripts into a request and have th...

AI score 5.5
Exploits: 0 | References: 2

Packet Storm
added 2016/11/07 12:0 a.m. | 44 views

Edusson (Robotdon) BB Client Side Script Insertion

Document Title: Edusson Robotdon BB - Client Side Cross Site Scripting Vulnerability; References Source: http://www.vulnerability-lab.com/getcontent.php?id=1871; Release Date: 2016-11-04; Vulnerability Laboratory ID VL-ID:...

AI score 7.4
Exploits: 0

Vulnerability Lab
added 2015/11/11 12:0 a.m. | 43 views

Magento Bug Bounty #24 - Multiple CSRF Web Vulnerabilities

Document Title: Magento Bug Bounty 24 - Multiple CSRF Web Vulnerabilities; References Source: http://www.vulnerability-lab.com/getcontent.php?id=1643 APPSEC-1122; Video: http://www.vulnerability-lab.com/getcontent.php?id=1642; Release Date: 2015-11-...

AI score 0.1
Exploits: 0

securityvulns
added 2015/01/25 12:0 a.m. | 44 views

Remote Desktop v0.9.4 Android - Multiple Vulnerabilities

Document Title: Remote Desktop v0.9.4 Android - Multiple Vulnerabilities; References Source: http://www.vulnerability-lab.com/getcontent.php?id=1413; Release Date: 2015-01-20; Vulnerability Laboratory ID VL-ID: ...

AI score 7.9
Exploits: 0

seebug.org
added 2014/02/28 12:0 a.m. | 16 views

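WordPress Easy Media Gallery Multiple Cross-Site Scripting Vulnerabilities

Bugtraq ID: 65804. WordPress is a blogging platform developed in PHP; users can set up their own blogs on servers that support PHP and a MySQL database. The WordPress EasyMedia Gallery plugin does not properly filter user-submitted parameters. A remote attacker can exploit the vulnerability to construct a malicious URI and lure a user into parsing it, which can expose sensitive cookies, hijack sessions, or perform malicious actions on the client. 0 WordPress EasyMedia Gallery 1.2.29 No detailed solution is currently available: http://wordpress.org/plugins/...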

AI score 7.1
Exploits: 0