21 matches found
CVE-2026-9088
A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied,...
CVE-2026-9064
A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...
Oracle WebLogic Server Security Vulnerability
Oracle WebLogic Server is an application service middleware offered by Oracle Corporation in the United States. It serves both cloud and traditional environments. This product provides a modern, lightweight development platform that supports the entire lifecycle management of applications, from...
Microsoft Bing Security Vulnerability
Microsoft Bing is a web search engine developed by Microsoft Corporation in the United States. There is a security vulnerability in Microsoft Bing, which stems from a flaw in Microsoft’s cloud services. Attackers can exploit this vulnerability to gain higher privileges...
SHARP Multiple Products Access Control Error Vulnerability
Sharp HR02 is a product of Japanese company Sharp. The Sharp HR02 is a home router. The Sharp SH-52B is a wireless local area network connection station. The Sharp SH-54C is also a wireless local area network connection station. Several Sharp products have vulnerabilities related to access contro...
Dell Display and Peripheral Manager Link Following Vulnerability
Dell Display and Peripheral Manager is peripheral management software developed by the American company Dell. Versions of Dell Display and Peripheral Manager prior to version 2.2 had a link following vulnerability. This vulnerability stemmed from improper link resolution in the installer and services...
UBUNTU-CVE-2025-14559
A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a...
CVE-2025-14559 Org.keycloak/keycloak-services: keycloak keycloak-services: business logic flaw allows unauthorized token issuance for disabled users
A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a...
EUVD-2026-3686
A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a...
PT-2026-3753
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw exists in the keycloak-services component of Keycloak. This issue allows the issuance of access and refresh tokens for disabled users, potentially leading to unauthorized use of...
PT-2025-46374
Name of the Vulnerable Software and Affected Versions: NVIDIA NeMo Framework (affected versions not specified). Description: The NVIDIA NeMo Framework contains a flaw within the bert services component. An attacker could craft malicious data that leads to code injection. Exploitation of this issue may...
CVE-2025-23312
NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure...
CVE-2025-29968
Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network...
UNISOC chipset Security Vulnerability
UNISOC chipset is an integrated circuit chipset from China's Unisoc Corporation. A security vulnerability exists in UNISOC chipset due to a lack of privilege checking in unit services, which can be exploited by an attacker to cause a local denial of service in the kernel...
The vulnerability of the web component of the Essbase Analytic Provider Services allows a perpetrator to trigger a service failure.
The vulnerability of the Essbase Analytic Provider Services web component is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...
CVE-2021-25654
An arbitrary code execution vulnerability was discovered in Avaya Aura Device Services that may potentially allow a local user to execute specially crafted scripts. Affects 7.0 through 8.1.4.0 versions of Avaya Aura Device Services...
The vulnerability of the Web Services component of the Oracle WebLogic Server application server allows a perpetrator to gain unauthorized access to the device.
The vulnerability of the Web Services component of the Oracle WebLogic Server application server exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the device through network IIOP and T3...
Oracle WebLogic Server Component Information Disclosure Vulnerability (CNVD-2019-27107)
Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle. The platform provides middleware, software collection, etc. WebLogic Server is one of the application server components for cloud and traditional...
Oracle WebLogic Server Multiple Vulnerabilities (April 2017 CPU)
The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities: - A remote code execution vulnerability exists in the Apache Struts component due to improper handling of multithreaded access to an ActionForm instance. An unauthenticated, remote attacke...
USN-2866-1 firefox vulnerability
Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information...