|
1391
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak. An authenticated administrator with the `manage-clients` role can exploit a Time-of-check to time-of-use (TOCTOU) vulnerability in the name-based admin role checks. This…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-9796
|
2026-05-28 22:44 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1392
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client cr…
|
CWE-305
Authentication Bypass by Primary Weakness
|
CVE-2026-9798
|
2026-05-28 22:44 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1393
|
4.9 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromi…
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-9801
|
2026-05-28 22:44 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1394
|
6.8 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, w…
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-9802
|
2026-05-28 22:44 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1395
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authori…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-9803
|
2026-05-28 22:44 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1396
|
7.0 |
HIGH
Local
|
-
|
-
|
A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts t…
|
CWE-78
OS Command
|
CVE-2026-44604
|
2026-05-28 22:44 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1397
|
9.0 |
CRITICAL
Network
|
-
|
-
|
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is config…
|
CWE-78
OS Command
|
CVE-2026-4408
|
2026-05-28 22:44 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1398
|
7.7 |
HIGH
Network
|
-
|
-
|
A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing …
|
CWE-59
Link Following
|
CVE-2026-9804
|
2026-05-28 22:44 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1399
|
5.4 |
MEDIUM
Network
|
apache
|
shiro
|
With valid login credentials, URL Redirection to Untrusted Site ('Open Redirect'), Server-Side Request Forgery (SSRF) vulnerability in Apache Shiro.
This issue affects Apache Shiro from 2.0-alpha…
|
CWE-601
CWE-918
Open Redirect
Server-Side Request Forgery (SSRF)
|
CVE-2026-44598
|
2026-05-28 22:44 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1400
|
6.1 |
MEDIUM
Network
|
mistune_project
|
mistune
|
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math ($...$) and block math ($$...$$) by concatenating the raw user-supplied con…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44708
|
2026-05-28 22:44 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
