6963 matches found
CVE-2026-14124
CVE-2026-14124 affects Google Chrome on Windows, prior to version 150.0.7871.47, where an inappropriate CredentialProvider implementation enables a local attacker to achieve OS-level privilege escalation via a malicious file. Root cause: flawed CredentialProvider handling in Chrome on Windows. Af...
CVE-2026-12388
A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role"...
EUVD-2026-40305
Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP...
CVE-2026-8451
CVE-2026-8451 describes insufficient input validation in NetScaler ADC and NetScaler Gateway, causing a memory overread when configured as a SAML IDP. Affected products are NetScaler ADC and NetScaler Gateway; root cause is input validation weaknesses leading to memory overread. The CVSS metrics ...
CVE-2026-8451 Insufficient input validation leading to memory overread
Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP...
CVE-2026-12388 Keycloak-broker: keycloak: privilege escalation to realm administrator via improper authorization in identity provider mapper
A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role"...
CVE-2026-12388
CVE-2026-12388 affects Keycloak’s Identity Provider (IdP) mapper component. A restricted administrator can abuse a misconfigured or specifically a Hardcoded Role mapper to assign high-privilege roles (e.g., realm-admin) to themselves or other users, bypassing security checks and gaining full cont...
EUVD-2026-40301
A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role"...
EUVD-2026-40297
Incorrect authentication caching in the team membership expansion of the Rancher GitHub authentication provider caused it to grant principal access to any logged-in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2...
Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery
The Shibboleth Identity Provider OIDC OP plugin before 3.0.4 is vulnerable to server-side request forgery (SSRF) due to insufficient restriction of the requesturi parameter, which allows attackers to interact with arbitrary third-party HTTP services. id: CVE-2022-24129 info: name: Shibboleth OIDC O...
GHSA-Q4H4-GMJ2-QVW2 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-rds, kueue-fips, crossplane-provider-aws-secretsmanager, crossplane-provider-aws-s3-fips, agentbeat-fips, crossplane-provider-azure-storagesync, crossplane-provider-aws-dynamodb, crossplane-provider-aws-route53resolver,...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: kine, zot, istio, tekton-pipelines, gitlab-kas, argo-workflows-fips, frankenphp-8.5, trivy-operator, rancher-agent, trivy-fips, seaweedfs-rocksdb, kyverno-fips, seaweedfs-rocksdb-fips, zarf, frankenphp-8.4, containerd, skaffold-fips, coder, backup-restore-operator,...
GHSA-X527-X647-Q7GG vulnerabilities
Vulnerabilities for packages: chisel, k9s, cert-manager, kubernetes-dashboard, zot, nerdctl, skaffold, opentelemetry-collector, cilium-cli, helm, osv-scanner, containerd, spire-server, cloud-provider-aws, kubescape, flux, gitlab-kas, flux-source-controller, prometheus-operator, kine, mattermost,...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: gomplate, chisel, k8sgpt, argo-events, k9s, mods, guac, nerdctl, podman, cilium-cli, falcoctl, osv-scanner, act, crossplane-provider-azure-storage, eksctl, docker-cli-buildx, pulumi-kubernetes-operator, cloud-provider-aws, kubescape, flux-source-controller,...
GHSA-JPPX-RXG9-JMRX vulnerabilities
Vulnerabilities for packages: cert-manager, kubernetes-dashboard, zot, nerdctl, podman, opentelemetry-collector, cilium-cli, helm, docker-cli-buildx, containerd, spire-server, cloud-provider-aws, flux, gitlab-kas, prometheus-operator, kine, mattermost, argo-cd, teleport, rancher-agent, kubernetes...
GHSA-F5WC-C3C7-36MC vulnerabilities
Vulnerabilities for packages: gomplate, k9s, argo-events, guac, nerdctl, podman, cilium-cli, osv-scanner, act, docker-cli-buildx, pulumi-kubernetes-operator, cloud-provider-aws, kubescape, flux-source-controller, prometheus-operator, external-secrets-operator, scorecard, kubernetes,...
CVE-2026-56823
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the POST /api/integrations/webhooks/webhookid/ping endpoint fetches the target webhook by primary key alone without verifying that the webhook belongs to the...
EUVD-2026-39797
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the POST /api/integrations/webhooks/webhookid/ping endpoint fetches the target webhook by primary key alone without verifying that the webhook belongs to the...
CVE-2026-56823 AutoGPT: IDOR in Webhook Ping Endpoint Allows Enumeration and Cross-User Ping Triggering
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the POST /api/integrations/webhooks/webhookid/ping endpoint fetches the target webhook by primary key alone without verifying that the webhook belongs to the...