| 931 | 7.5 | HIGH | Network | sunnyadn | js-toml | js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / binary integer literals via a hand-written `parseBigI… | New | CWE-400 Uncontrolled Resource Consumption; CWE-407 Inefficient Algorithmic Complexity; CWE-1333 Inefficient Regular Expression Complexity | CVE-2026-49293 | 2026-06-26 21:11 | 2026-06-20 |
| 932 | 5.4 | MEDIUM | Network | - | - | A vulnerability in jupyter/nbconvert versions <= 7.17.0 allows for Cross-site Scripting (XSS) via unsanitized `text/vnd.mermaid` output in HTML exports. The `data_mermaid` block in `share/templates/l… | New | CWE-79 Cross-site Scripting | CVE-2026-6658 | 2026-06-26 20:16 | 2026-06-26 |
| 933 | 8.1 | HIGH | Network | - | - | A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access (UMA) permission ch… | New | CWE-1025 Comparison Using Wrong Factors | CVE-2026-9800 | 2026-06-26 17:16 | 2026-06-26 |
| 934 | 4.6 | MEDIUM | Network | - | - | A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access (UMA) permission ticket for one resource can exploit this by using a specific permission reque… | New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-9799 | 2026-06-26 17:16 | 2026-06-26 |
| 935 | 6.5 | MEDIUM | Network | - | - | A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token (RAT), could exploit this vulnerability to re-enable a client t… | New | CWE-613 Insufficient Session Expiration | CVE-2026-9705 | 2026-06-26 17:16 | 2026-06-26 |
| 936 | 7.7 | HIGH | Network | - | - | A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild() endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to r… | New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-9099 | 2026-06-26 17:16 | 2026-06-26 |
| 937 | 7.3 | HIGH | Network | - | - | A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with `manage-client` permission or access to client registration endpoints, could bypass client Unif… | New | CWE-79 Cross-site Scripting | CVE-2026-9086 | 2026-06-26 17:16 | 2026-06-26 |
| 938 | 4.9 | MEDIUM | Network | - | - | A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key … | New | CWE-22 Path Traversal | CVE-2026-9083 | 2026-06-26 17:16 | 2026-06-26 |
| 939 | 6.5 | MEDIUM | Adjacent | - | - | Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authenticatio… | New | CWE-294 Authentication Bypass by Capture-replay | CVE-2026-49319 | 2026-06-26 16:16 | 2026-06-26 |
| 940 | 8.8 | HIGH | Network | quest | netvault_backup | Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetV… | New | CWE-78 OS Command | CVE-2026-9787 | 2026-06-26 14:16 | 2026-06-25 |