Lucene search
K

355 matches found

Cvelist
Cvelist
added 2026/03/23 10:53 a.m.26 views

CVE-2026-4633 Keycloak: keycloak: user enumeration via differential error messages

A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration...

3.7CVSS0.00318EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/23 10:53 a.m.2 views

CVE-2026-4633 Keycloak: keycloak: user enumeration via differential error messages

A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration...

3.7CVSS5.8AI score0.00318EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.5 views

PT-2026-27107

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak that allows a remote attacker to determine the existence of users, resulting in information disclosure through user enumeration. This occurs due to differential err...

3.7CVSS5.8AI score0.00318EPSS
Exploits1References13
Packet Storm News
Packet Storm News
added 2026/03/23 12:0 a.m.27 views

Towards Secure Retrieval-Augmented Generation: A Comprehensive Review of Threats, Defenses and Benchmarks

Retrieval-Augmented Generation RAG significantly mitigates the hallucinations and domain knowledge deficiency in large language models by incorporating external knowledge bases. However, the multi-module architecture of RAG introduces complex system-level security vulnerabilities. Guided by the R...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/22 12:0 a.m.13 views

Hardening Confidential Federated Compute against Side-Channel Attacks

In this work, we identify a set of side-channels in our Confidential Federated Compute platform that a hypothetical insider could exploit to circumvent differential privacy DP guarantees. We show how DP can mitigate two of the side-channels, one of which has been implemented in our open-source...

5.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/20 8:55 a.m.6 views

CVE-2026-32766

A flaw was found in astral-tokio-tar, a software component for handling tar archives. This flaw causes malformed PAX Portable Archive eXchange extensions within an archive to be silently ignored. An attacker could leverage this to create a specially crafted archive that, when processed by...

6.3CVSS5.6AI score0.00249EPSS
Exploits0References5
NVD
NVD
added 2026/03/20 12:16 a.m.7 views

CVE-2026-32766

astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser...

6.3CVSS0.00249EPSS
Exploits0References2
OSV
OSV
added 2026/03/20 12:16 a.m.8 views

UBUNTU-CVE-2026-32766

astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser...

6.3CVSS5.8AI score0.00249EPSS
Exploits0References4
OSV
OSV
added 2026/03/20 12:7 a.m.5 views

CVE-2026-32766 astral-tokio-tar insufficiently validates PAX extensions during extraction

astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser...

6.3CVSS5.8AI score0.00249EPSS
Exploits0References4
CVE
CVE
added 2026/03/20 12:7 a.m.28 views

CVE-2026-32766

CVE-2026-32766 affects astral-tokio-tar

6.3CVSS5.7AI score0.00249EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/20 12:7 a.m.3 views

CVE-2026-32766

astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser...

6.3CVSS5.7AI score0.00249EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/17 7:49 p.m.6 views

GHSA-6GX3-4362-RF54 astral-tokio-tar insufficiently validates PAX extensions during extraction

Impact In versions 0.5.6 and earlier of astral-tokio-tar, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser differential, for example by having...

6.3CVSS5.8AI score0.00249EPSS
Exploits0References5
OSV
OSV
added 2026/03/13 7:54 p.m.6 views

UBUNTU-CVE-2026-31885

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and stepindex values from input data. This vulnerability is fixed in 3.24.0...

9.4CVSS5.8AI score0.00263EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/13 5:38 p.m.31 views

CVE-2026-31885 FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and stepindex values from input data. This vulnerability is fixed in 3.24.0...

6.5CVSS0.00263EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.5 views

FreeRDP 缓冲区错误漏洞

FreeRDP is an open-source implementation of the Remote Desktop Protocol RDP by the FreeRDP team. Versions of FreeRDP prior to 3.24.0 contained a buffer error vulnerability. This vulnerability stemmed from the lack of checks on the predictor and stepindex values in the input data by the MS-ADPCM a...

9.4CVSS6AI score0.00263EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/11 5:31 p.m.6 views

SUSE CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

3.7CVSS5.8AI score0.00159EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/05 9:41 p.m.5 views

EUVD-2025-208311

org.eclipse.jetty:jetty-http has different parsing of invalid URIs...

3.7CVSS5.9AI score0.00159EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/05 12:36 p.m.5 views

CVE-2025-11143

A flaw was found in org.eclipse.jetty. The Jetty URI parser handles invalid or unusual Uniform Resource Identifiers URIs differently compared to other common parsers. This discrepancy, known as differential parsing, can lead to security bypasses in systems that use multiple components to process...

6.5CVSS5.8AI score0.00159EPSS
Exploits0References4
OSV
OSV
added 2026/03/05 10:15 a.m.2 views

DEBIAN-CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

6.5CVSS7.7AI score0.00159EPSS
Exploits0References1
NVD
NVD
added 2026/03/05 10:15 a.m.11 views

CVE-2025-11143

The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently fr...

6.5CVSS0.00159EPSS
Exploits0References1
Rows per page
Query Builder