Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.11 Update

New Red Hat build of Keycloak 26.4.11 packages are available from the Customer Portal Red Hat build of Keycloak 26.4.11 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security...

CVE-2026-4282

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to forge authorization codes. Successful exploitation can lead to the creation of admin-capable access tokens,...

USN-7050-1 ruby-devise-two-factor vulnerabilities

Benoit Côté-Jodoin and Michael Nipper discovered that Devise-Two-Factor incorrectly handled one-time password validation. An attacker could possibly use this issue to intercept and re-use a one-time password. CVE-2021-43177 Garrett Rappaport discovered that Devise-Two-Factor incorrectly handled...

PT-2022-4655 · Nodebb · Nodebb

Name of the Vulnerable Software and Affected Versions: NodeBB Forum Software versions prior to 1.19.7 NodeBB Forum Software versions prior to 2.0.0 Description: The utils.generateUUID helper function in NodeBB Forum Software uses a cryptographically insecure pseudo-random number generator...

UBUNTU-CVE-2016-2085

The evmverifyhmac function in security/integrity/evm/evmmain.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack...