5533 matches found

Github Security Blog
added 2026/01/21 3:31 p.m. | 7 views

Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin

Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...

CVSS 8.2 | AI score 5.6 | EPSS 0.00491
Exploits 0 | References 6 | Affected Software 1

CVE
added 2026/01/21 12:4 p.m. | 15 views

CVE-2025-14083

CVE-2025-14083 concerns the Keycloak Admin REST API, where an improper access-control flaw allows exposure of backend schema and rules. Affected component: Keycloak Admin REST API; consequence: potential information disclosure and targeted privilege-escalation paths via exposed internal configura...

CVSS 2.7 | AI score 5.4 | EPSS 0.0032
Exploits 0 | References 4

ATTACKERKB
added 2026/01/21 12:4 p.m. | 4 views

CVE-2025-14083

A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control...

CVSS 2.7 | AI score 5.3 | EPSS 0.0032
Exploits 0 | References 5

Vulnrichment
added 2026/01/21 12:4 p.m. | 3 views

CVE-2025-14083 Keycloak-server: keycloak: improper access control in admin rest api leads to information disclosure

A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control...

CVSS 2.7 | AI score 5.4 | EPSS 0.0032
Exploits 0 | References 4

EUVD
added 2026/01/21 12:4 p.m. | 7 views

EUVD-2026-3683

A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control...

CVSS 2.7 | AI score 5.4 | EPSS 0.0032
Exploits 0 | References 3

Positive Technologies
added 2026/01/21 12:0 a.m. | 6 views

PT-2026-3762

A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control...

CVSS 2.7 | AI score 5.4 | EPSS 0.0032
Exploits 0 | References 3

CNNVD
added 2026/01/21 12:0 a.m. | 4 views

Keycloak Access Control Vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a vulnerability related to access control, which can expose the backend architecture and rules. This vulnerability may lead to improper access control, potentially allowing targeted attacks or...

CVSS 2.7 | AI score 5.8 | EPSS 0.0032
Exploits 0 | References 2

RedhatCVE
added 2026/01/20 3:29 p.m. | 5 views

CVE-2026-1007

Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules. This issue affects Server: from 2025.3.1 through 2025.3.12...

CVSS 7.6 | AI score 5.5 | EPSS 0.00184
Exploits 0 | References 1

Tenable Nessus
added 2026/01/20 12:0 a.m. | 6 views

MiracleLinux 8 : NetworkManager-1.40.16-18.el8_10.ML.1 (AXSA:2025-9552:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9552:02 advisory. Security and Bug Fixes: NetworkManager: DHCP routing options can manipulate interface-based VPN traffic CVE-2024-3661 Route to VPN server not stored in routi...

CVSS 7.6 | AI score 5.8 | EPSS 0.04063
Exploits 1 | References 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 7 : firefox-68.10.0-1.0.1.el7.AXS7 (AXSA:2020-210:14)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-210:14 advisory. Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 CVE-2020-12417 Mozilla: Information disclosure due to manipulated URL...

CVSS 9.3 | AI score 8.5 | EPSS 0.03034
Exploits 2 | References 6

OSV
added 2026/01/19 3:15 p.m. | 1 view

CVE-2026-1007

Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules. This issue affects Server: from 2025.3.1 through 2025.3.12...

CVSS 7.6 | AI score 5.8 | EPSS 0.00184
Exploits 0 | References 1

NVD
added 2026/01/19 3:15 p.m. | 5 views

CVE-2026-1007

Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules. This issue affects Server: from 2025.3.1 through 2025.3.12...

CVSS 7.6 | EPSS 0.00184
Exploits 0 | References 1

ATTACKERKB
added 2026/01/19 2:32 p.m. | 2 views

CVE-2026-1007

Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules. This issue affects Server: from 2025.3.1 through 2025.3.12...

CVSS 7.6 | AI score 5.4 | EPSS 0.00184
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2026/01/19 2:32 p.m. | 21 views

CVE-2026-1007

Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules. This issue affects Server: from 2025.3.1 through 2025.3.12...

EPSS 0.00184
Exploits 0 | References 1

EUVD
added 2026/01/19 2:32 p.m. | 3 views

EUVD-2026-3217

Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules. This issue affects Server: from 2025.3.1 through 2025.3.12...

CVSS 7.6 | AI score 5.5 | EPSS 0.00184
Exploits 0 | References 3

Vulnrichment
added 2026/01/19 2:32 p.m. | 2 views

CVE-2026-1007

Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules. This issue affects Server: from 2025.3.1 through 2025.3.12...

AI score 5.5 | EPSS 0.00184
Exploits 0 | References 1

RedHat Linux
added 2026/01/19 12:8 p.m. | 0 views

kernel: drm/xe: Make dma-fences compliant with the safe access rules

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Make dma-fences compliant with the safe access rules Xe can free some of the data pointed to by the dma-fences it exports. Most notably the timeline name can get freed if userspace closes the associated submit queue. At t...

CVSS 7.8 | AI score 5.7 | EPSS 0.00154
Exploits 0 | References 5

Positive Technologies
added 2026/01/19 12:0 a.m. | 3 views

PT-2026-3442

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.3.1 through 2025.3.12. Description: An incorrect authorization issue exists in the virtual gateway component of Devolutions Server. This allows attackers to bypass deny IP rules. Recommendations: Update Devolution...

CVSS 7.6 | AI score 5.4 | EPSS 0.00184
Exploits 0 | References 5

Tenable Nessus
added 2026/01/19 12:0 a.m. | 8 views

RHEL 9 : kernel (RHSA-2026:0793)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0793 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: drm/xe: Make dma-fences...

CVSS 7.8 | AI score 8.1 | EPSS 0.00335
Exploits 0 | References 12

RedhatCVE
added 2026/01/17 6:24 a.m. | 6 views

CVE-2026-23769

lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files...

CVSS 6.5 | AI score 7.2 | EPSS 0.00198
Exploits 0 | References 1