CVE-2026-9704

A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subjecttoken JSON Web Token JWT to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client...

SUSE CVE-2026-9277

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

CVE-2026-9277

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

CVE-2026-9277

CVE-2026-9277 affects the shell-quote library: the quote() function did not validate object-token shapes against the parser’s operator model, allowing line terminators in the .op field to bypass escaping and potentially enable command injection. Exploitation paths include direct construction of {...

PT-2026-42766

Name of the Vulnerable Software and Affected Versions shell-quote versions prior to 1.8.4 Description The quote function fails to validate object-token inputs against the operator model used by parse. Specifically, the .op field is escaped using a regular expression that does not match line...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: pidfs: validate extensible ioctls. The validation of extensible ioctls is performed more strictly than currently practiced...

CVE-2026-0707

A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters such as tabs as separators and tolerates case variations that deviate from RFC 6750 specifications...

CVE-2025-40217

CVE-2025-40217 affects the Linux kernel pidfs code, with a fix that enforces stricter validation of extensible ioctls. The vulnerability is resolved in the published update, and current connected documents only confirm a kernel-level mitigation; no exploitation or active exploit details are provi...

EUVD-2025-22089

Malicious code in bioql PyPI...

CVE-2025-30192 A Recursor configured to send out ECS enabled queries can be sensitive to spoofing attempts

An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and enforcing stricter...

powerdns-recursor -- cache pollution

PowerDNS Team reports: An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and...

GHSA-GVGG-2R3R-53X7 Improper Authorization in Keycloak Organization Mapper Allows Unauthorized Organization Claims

This vulnerability is caused by the improper mapping of users to organizations based solely on email/username patterns. The issue is limited to the token claim level, meaning the user is not truly added to the organization but may appear as such in applications relying on these claims. The risk...

Information disclosure

TrueLayer.NET is the .Net client for TrueLayer. The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or to the internet cou...

openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT

A flaw was found in openssl. The flag that enables additional security checks of certificates present in a certificate chain was not enabled allowing a confirmation step to verify that certificates in the chain are valid CA certificates is bypassed. The highest threat from this vulnerability is t...

GHSA-Q76J-58CX-WP5V Vulnerability in RPKI manifest validation

A vulnerability in RPKI manifest validation exists when objects on the manifest are hidden, or expired objects are replayed. An attacker successfully exploiting this vulnerability could prevent new ROAs from being received or selectively hide ROAs, causing routes to become INVALID. To exploit thi...

PT-2020-14786 · Ripe Ncc · Ripe Ncc Rpki Validator

Name of the Vulnerable Software and Affected Versions: RIPE NCC RPKI Validator versions 3.x through 3.1-2020.07.06.14.28 Description: The issue allows remote attackers to bypass intended access restrictions or cause a denial of service on dependent routing systems by strategically withholding RPK...

Kartpay: Application Design issue for Phone Number field in Registration.

The current system only works for India so ISD Code of India i.e +91 is mandatory for Registration. During the Registration system was accepting any country ISD code due to Request was not validated by the system instead whatever sent through client-side modification is accepted. So the Strict...

SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass

SEC Consult Vulnerability Lab Security Advisory 20121017-0 ======================================================================= title: ModSecurity multipart/invalid part ruleset bypass product: ModSecurity vulnerable version: = 2.6.8 fixed version: 2.7.0 CVE number: - impact: Depends what you...