|
411
|
7.1 |
HIGH
Network
|
-
|
-
|
A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable the implicit flow in OpenID Connect (OIDC) clie…
Update
|
CWE-472
External Control of Assumed-Immutable Web Parameter
|
CVE-2026-7571
|
2026-05-21 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
412
|
7.5 |
HIGH
Network
|
-
|
-
|
A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim i…
Update
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-7507
|
2026-05-21 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
413
|
8.1 |
HIGH
Network
|
-
|
-
|
A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentiall…
Update
|
CWE-601
Open Redirect
|
CVE-2026-7504
|
2026-05-21 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
414
|
7.5 |
HIGH
Network
|
-
|
-
|
A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. This malicious input can cause high …
Update
|
CWE-1286
Improper Validation of Syntactic Correctness of Input
|
CVE-2026-7307
|
2026-05-21 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
415
|
6.8 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference (IDOR) vulnerability in the Authorization Services Protection API endpoint. By knowing or obtai…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-4630
|
2026-05-21 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
416
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering
The CXF and Knative HeaderFilterStrategy implementations (CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFil…
Update
|
CWE-178
Improper Handling of Case Sensitivity
|
CVE-2026-47323
|
2026-05-21 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
417
|
8.8 |
HIGH
Network
|
apache
|
ofbiz
|
Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz.
This issue affects Ap…
Update
|
CWE-94
CWE-95
Code Injection
Eval Injection
|
CVE-2026-46586
|
2026-05-21 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
418
|
9.8 |
CRITICAL
Network
|
apache
|
ofbiz
|
Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgr…
Update
|
CWE-287
Improper Authentication
|
CVE-2026-45434
|
2026-05-21 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
419
|
7.8 |
HIGH
Local
|
tabby
|
tabby
|
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from file paths when dragging and dropping a file into it, code …
Update
|
CWE-150
Improper Neutralization of Escape, Meta, or Control Sequences
|
CVE-2026-45038
|
2026-05-21 02:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
420
|
7.0 |
HIGH
Local
|
tabby
|
tabby
|
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without us…
Update
|
CWE-78
OS Command
|
CVE-2026-45036
|
2026-05-21 02:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
