CVE-2026-4628

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access UMA resourceset endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control chec...

CVE-2026-4628

Keycloak contains an improper access control flaw in the UMA resource_set endpoint. The vulnerability arises from incomplete enforcement of access checks on PUT operations, allowing authenticated users to bypass allowRemoteResourceManagement=false and modify protected resources, compromising data...

CVE-2026-4628 Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access control

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access UMA resourceset endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control chec...

CVE-2026-4628 Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access control

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access UMA resourceset endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control chec...

CVE-2026-4628

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access UMA resourceset endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control chec...

CVE-2026-4628

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access UMA resourceset endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control chec...

CVE-2026-4565

A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used...

WWBN AVideo 跨站请求伪造漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of CSRF token validation on the setPermission.json.php endpoint, which could...

PT-2026-27067

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access UMA resource set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control...

ROS-20260323-73-0009

A vulnerability in the cachesetflush function of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Siemens SIMATIC S7-1500 NULL Pointer Dereference(CVE-2025-38214)

In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix fbsetvar to prevent null-ptr-deref in fbvideomodetovar If fbaddvideomode in fbsetvar fails to allocate memory for fbvideomode, later it may lead to a null-ptr dereference in fbvideomodetovar, as the fbinfo is registere...

CVE-2026-4555

A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the argument curTime causes stack-based buffer overflow. The attack can be initiated remotely. The...

CVE-2026-4534

A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. This manipulation of the argument GO causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used...

SUSE CVE-2026-23272

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: unconditionally bump set-nelems before insertion In case that the set is full, a new element gets published then removed without waiting for the RCU grace period, while RCU reader can be walking over it...

SUSE CVE-2026-23277

In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: fix NULL pointer dereference in iptunnelxmit on TEQL slave xmit teqlmasterxmit calls netdevstartxmitskb, slave to transmit through slave devices, but does not update skb-dev to the slave device beforehand. When a...

SUSE CVE-2026-32711

pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, b...

Tenda FH451 安全漏洞

The Tenda FH451 is a router produced by the Chinese company Tenda. Version 1.0.0.9 of the Tenda FH451 contains a security vulnerability. This vulnerability stems from incorrect handling of the parameter GO in the function formWrlExtraSet within the file/goform/WrlExtraSet, which may lead to a...

EUVD-2026-14165

Signal K set-system-time plugin vulnerable to RCE - Command Injection...

Linux Distros Unpatched Vulnerability : CVE-2026-32711

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the setderivedvalues function of the picparameterset component when processing a malformed H.265 PPS NAL unit. An attacker can cause a segmentation fault and crash the application by supplying specially...