CVE-2026-4282

CVE-2026-4282 describes a flaw in Keycloak where the SingleUseObjectProvider is not properly isolated by type and namespace. An unauthenticated attacker can forge authorization codes, potentially leading to creation of admin-capable access tokens and privilege escalation. The available documents ...

CVE-2026-34889

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows DOM-Based XSS.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a before 3.21.4...

SUSE CVE-2026-5279

Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-4947

Addressed a potential insecure direct object reference IDOR vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially...

PT-2026-29729

Name of the Vulnerable Software and Affected Versions Red Hat build of Keycloak version 26.2 Description A flaw exists in the SingleUseObjectProvider, which serves as a global key-value store, due to a lack of proper type and namespace isolation. This allows an unauthenticated attacker to forge...

PT-2026-29916

The restoreTenant admin mutation is missing from the authorization middleware config admin.go:499-522, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication, restoreTenant executes with zero middleware. This mutation accepts...

Fixed in Apache Tomcat 10.1.54

Moderate: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled CVE-2026-34500 CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used. This was fixed with commit 29b56a56. This issue was reported to the Tomcat security...

XMLDOM 安全漏洞

XMLDOM is a JavaScript implementation of the W3C DOM for Node developed by jindw. Versions of XMLDOM prior to 0.6.0, 0.8.12, and 0.9.9 contain security vulnerabilities. These vulnerabilities stem from allowing attackers to insert controlled strings into CDATASection nodes, potentially leading to...

EUVD-2026-17610

lodash vulnerable to Code Injection via .template imports key names...

CVE-2026-34204

MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-...

GHSA-G4PP-FHGF-8653 CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via Pages Added to Menu Persistent Payload Injection - Stored Cross-Site Scripting via Unsafe Rendering of Page Entries in Menu Management Description The application fails to properly sanitize user-controlled input when adding Pages to navigation menus throu...

EUVD-2026-18070

CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS...

CVE-2026-4800

A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. Additionally, .template uses assignInWith to merge imports, whi...

CVE-2026-34561 CI4MS: System Settings (Social Media Management) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Social Media Management. Multiple...

DEBIAN-CVE-2026-34519

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...

ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.

Summary The ExternalDataInfo class in ONNX was using Python’s setattr function to load metadata like file paths or data lengths directly from an ONNX model file. The problem? It didn’t check if the "keys" in the file were valid. Because it blindly trusted the file, an attacker could craft a...

GHSA-538C-55JV-C5G9 ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.

Summary The ExternalDataInfo class in ONNX was using Python’s setattr function to load metadata like file paths or data lengths directly from an ONNX model file. The problem? It didn’t check if the "keys" in the file were valid. Because it blindly trusted the file, an attacker could craft a...

OpenSTAManager Affected by Remote Code Execution via Insecure Deserialization in OAuth2

Description The oauth2.php file in OpenSTAManager is an unauthenticated endpoint $skippermissions = true. It loads a record from the zzoauth2 table using the attacker-controlled GET parameter state, and during the OAuth2 configuration flow calls unserialize on the accesstoken field without any...

CVE-2026-34043

A flaw was found in serialize-javascript. An attacker can exploit this vulnerability by providing a specially crafted "array-like" object with an excessively large length property during the serialization process. This action causes the application to enter an intensive loop, leading to 100% CPU...

CVE-2026-3139

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.15.5 via the wppbsaveavatarvalue function due to missing validation on a user controlled key...