|
1971
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Security Assertion Markup Language Enhanced…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2026-9794
|
2026-05-28 22:44 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1972
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, in…
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-9795
|
2026-05-28 22:44 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1973
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak. An authenticated administrator with the `manage-clients` role can exploit a Time-of-check to time-of-use (TOCTOU) vulnerability in the name-based admin role checks. This…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-9796
|
2026-05-28 22:44 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1974
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client cr…
|
CWE-305
Authentication Bypass by Primary Weakness
|
CVE-2026-9798
|
2026-05-28 22:44 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1975
|
4.9 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromi…
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-9801
|
2026-05-28 22:44 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1976
|
6.8 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, w…
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-9802
|
2026-05-28 22:44 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1977
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authori…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-9803
|
2026-05-28 22:44 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1978
|
7.0 |
HIGH
Local
|
-
|
-
|
A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts t…
|
CWE-78
OS Command
|
CVE-2026-44604
|
2026-05-28 22:44 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1979
|
7.7 |
HIGH
Network
|
-
|
-
|
A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing …
|
CWE-59
Link Following
|
CVE-2026-9804
|
2026-05-28 22:44 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1980
|
5.4 |
MEDIUM
Network
|
apache
|
shiro
|
With valid login credentials, URL Redirection to Untrusted Site ('Open Redirect'), Server-Side Request Forgery (SSRF) vulnerability in Apache Shiro.
This issue affects Apache Shiro from 2.0-alpha…
|
CWE-601
CWE-918
Open Redirect
Server-Side Request Forgery (SSRF)
|
CVE-2026-44598
|
2026-05-28 22:44 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
