Lucene search
K

48006 matches found

EUVD
EUVD
added 4 days ago4 views

EUVD-2026-41829

Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks... with only the subject-exists check and the realm-URL issuer check. Keycloak's...

9.8CVSS6AI score0.00411EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-10830

The AllCoach WordPress plugin before 1.0.2 does not verify that an email address submitted to a public account-registration endpoint is not already associated with an existing user before overwriting that user's password, allowing unauthenticated attackers to reset the password of arbitrary...

8.8CVSS6AI score0.00257EPSS
Exploits0References1
OSV
OSV
added 4 days ago3 views

BIT-MASTODON-2026-50128 Mastodon: Spoofing of attribution domains

Mastodon is a free, open-source social network server based on ActivityPub. From 4.3.0 until 4.5.11 and 4.4.18, Mastodon has a feature to let websites credit authors of their articles. To prevent false attribution claims, Mastodon uses the attributionDomains JSON-LD term, however, an error in how...

5.3CVSS6AI score0.00129EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 4 days ago6 views

nodejs: Node.js: Certification validation bypass in TLS host verification

A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security TLS host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integri...

4.3CVSS5.9AI score0.00258EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago11 views

Important: Red Hat Security Advisory: nodejs22 security, bug fix, and enhancement update

An update for nodejs22 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8CVSS6AI score0.02806EPSS
Exploits1References15
RedHat Linux
RedHat Linux
added 4 days ago8 views

crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

A flaw was found in the crypto/x509 package of golang. This vulnerability allows a remote attacker to cause a Denial of Service DoS by presenting a specially crafted X.509 certificate with a large number of DNS Subject Alternative Name SAN entries. The certificate verification process, specifical...

7.5CVSS6AI score0.00939EPSS
Exploits0References8
OSV
OSV
added 4 days ago5 views

ALSA-2026:35891 Important: nodejs:24 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

9.8CVSS6.5AI score0.02806EPSS
Exploits1References32
OSV
OSV
added 4 days ago4 views

ALSA-2026:35842 Important: nodejs22 security, bug fix, and enhancement update

Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...

9.8CVSS5.9AI score0.02806EPSS
Exploits1References28
OSV
OSV
added 4 days ago5 views

ALSA-2026:35841 Important: nodejs24 security, bug fix, and enhancement update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

9.8CVSS6.5AI score0.02806EPSS
Exploits1References32
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56065

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description Two flaws in the OIDC login process allow for account takeover. The first issue occurs when email-based us...

7.4CVSS6AI score0.00479EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-55908

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper authentication and a failure to fail securely in the Apache Camel Keycloak component allow unauthenticated access to protected routes...

9.8CVSS6.3AI score0.00619EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56080

Name of the Vulnerable Software and Affected Versions Coder versions 2.30.0 through 2.32.6 Coder versions 2.33.0 through 2.33.7 Coder versions 2.34.0 through 2.34.1 Description The AI Bridge Proxy aibridgeproxyd creates a goproxy server that, by default, sets InsecureSkipVerify: true. In...

7.4CVSS5.9AI score0.00258EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-55976

Name of the Vulnerable Software and Affected Versions OP-TEE versions 3.20.0 through 4.10.x Description OP-TEE is a Trusted Execution Environment TEE designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using TrustZone technology. A flaw in the subkey rollback...

5.5CVSS6.1AI score0.00122EPSS
Exploits0References6
NVD
NVD
added 5 days ago10 views

CVE-2026-14781

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the emailverified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but...

4.8CVSS0.00196EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 5 days ago9 views

CVE-2026-14781

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the emailverified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but...

4.8CVSS6.1AI score0.00196EPSS
Exploits0References3
CVE
CVE
added 5 days ago17 views

CVE-2026-14781

A flaw in Keycloak’s OIDC broker (org.keycloak.broker.oidc) causes incorrect synchronization of the email_verified claim. When trustEmail=true and the userinfo endpoint is enabled, Keycloak uses email from userinfo but takes email_verified from the id_token without validating that it corresponds ...

4.8CVSS6.1AI score0.00196EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-41732

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the emailverified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but...

4.8CVSS6.1AI score0.00196EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 5 days ago12 views

CVE-2026-14781

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the emailverified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but...

4.8CVSS6.1AI score0.00196EPSS
Exploits0References3
NVD
NVD
added 6 days ago10 views

CVE-2026-14630

A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function getconversationhistory of the file 08agenticsystem/memory/langchain/code/smartcustomerservice.py of the component Memory Recall Handler. The manipulation leads to use of weak...

3.1CVSS0.0016EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 6 days ago9 views

CVE-2026-14630

A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function getconversationhistory of the file 08agenticsystem/memory/langchain/code/smartcustomerservice.py of the component Memory Recall Handler. The manipulation leads to use of weak...

3.1CVSS4.9AI score0.0016EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder