Lucene search
K

107902 matches found

NVD
NVD
added 2026/07/03 4:16 p.m.8 views

CVE-2026-14615

A flaw was found in the Fine-Grained Admin Permissions FGAP v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a...

4.3CVSS0.00172EPSS
Exploits0References2
CVE
CVE
added 2026/07/03 3:47 p.m.28 views

CVE-2026-14615

Keycloak FGAP v2 implementation flaw exposes child group details via the parent-group children endpoint when FGAP v2 is enabled. The issue occurs because the system does not properly filter child groups by the caller’s per-child permissions, allowing a delegated administrator to view child group ...

4.3CVSS5.9AI score0.00172EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/03 3:47 p.m.9 views

EUVD-2026-41557

A flaw was found in the Fine-Grained Admin Permissions FGAP v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a...

4.3CVSS5.9AI score0.00172EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/03 3:16 p.m.14 views

EUVD-2026-41555

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions FGAP v2 are turned on, an administrator who is allowed to see a specific "role" can...

4.3CVSS6AI score0.00172EPSS
Exploits0References2
Nuclei
Nuclei
added 2026/07/03 1:39 p.m.1200 views

Flowise - Remote Code Execution

Flowise 3.0.5 contains a remote code execution vulnerability caused by unsafe evaluation of user input in the CustomMCP node's convertToValidJSONString function, letting remote attackers execute arbitrary code with full Node.js privileges, exploit requires user input to be processed by the...

10CVSS8AI score0.90183EPSS
Exploits21References2
OSV
OSV
added 2026/07/03 7:16 a.m.4 views

ALPINE-CVE-2026-11564

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

9.1CVSS6AI score0.0061EPSS
Exploits1References1
NVD
NVD
added 2026/07/03 7:16 a.m.7 views

CVE-2026-11564

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

9.1CVSS0.0061EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/03 6:12 a.m.9 views

EUVD-2026-41499

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

6AI score0.0061EPSS
Exploits1References3
CVE
CVE
added 2026/07/03 6:12 a.m.26 views

CVE-2026-11564

CVE-2026-11564 (libcurl) describes an issue where libcurl keeps previously used connections in a pool and may continue trusting the native CA store after an application switches a handle to custom CA material for a later transfer. The connected sources confirm this behavior across multiple feeds ...

9.1CVSS6AI score0.0061EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/07/03 6:12 a.m.36 views

CVE-2026-11564 Native CA trust persist

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

0.0061EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/07/03 6:12 a.m.5 views

CVE-2026-11564

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

9.1CVSS6AI score0.0061EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/07/03 1:28 a.m.9 views

CVE-2026-12729

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 2.3.0. This is due to a missing capability check on the domigration function registered as the wedocsmigratebetterdocstowedocs...

4.3CVSS5.6AI score0.00213EPSS
Exploits0References7
Wolfi
Wolfi
added 2026/07/02 8:21 p.m.15 views

CVE-2025-69725 vulnerabilities

Vulnerabilities for packages: custom-pod-autoscaler...

4.7CVSS5.8AI score0.00215EPSS
Exploits0
Wolfi
Wolfi
added 2026/07/02 8:21 p.m.14 views

GHSA-MQQF-5WVP-8FH8 vulnerabilities

Vulnerabilities for packages: custom-pod-autoscaler...

5.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/07/02 3:43 p.m.2 views

libcurl: libcurl: Certificate validation bypass due to incorrect connection reuse

A flaw was found in curl. When libcurl reuses a connection from its connection pool, an easy handle that initially used default native Certificate Authority CA trust may continue to trust the native platform store. This occurs even after the application has switched that same handle to custom CA...

9.1CVSS6AI score0.0061EPSS
Exploits1References7
NVD
NVD
added 2026/07/02 12:17 p.m.7 views

CVE-2026-57687

Contributor SQL Injection in Custom Field Template = 2.7.8 versions...

8.5CVSS0.0022EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.19 views

CVE-2026-57687

CVE-2026-57687 concerns a SQL Injection vulnerability in the WordPress plugin Custom Field Template (versions

8.5CVSS5.8AI score0.0022EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 11:15 a.m.8 views

EUVD-2026-41296

Contributor SQL Injection in Custom Field Template = 2.7.8 versions...

8.5CVSS5.8AI score0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.36 views

CVE-2026-57687 WordPress Custom Field Template plugin <= 2.7.8 - SQL Injection vulnerability

Contributor SQL Injection in Custom Field Template = 2.7.8 versions...

8.5CVSS0.0022EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 8:33 a.m.13 views

CVE-2026-10104

The Product Video Gallery for Woocommerce plugin (WordPress) is affected up to version 1.5.1.8 by a Stored Cross-Site Scripting flaw in the custom_thumbnail parameter, caused by insufficient input sanitization and output escaping. Exploitation requires shop manager-level access or higher (authent...

4.4CVSS5.9AI score0.00263EPSS
Exploits1References8
Rows per page
Query Builder