|
4341
|
6.8 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay `ExecuteActionsActionToken` tokens within Keycloak's WebAuthn (Web Authentication) flow. By intercep…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2026-37982
|
2026-05-21 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4342
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access (UMA) r…
|
CWE-1220
Insufficient Granularity of Access Control
|
CVE-2026-37981
|
2026-05-21 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4343
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak. This access control vulnerability in Keycloak's OpenID Connect (OIDC) token introspection endpoint allows a confidential client to bypass audience restrictions. An attac…
|
CWE-284
Improper Access Control
|
CVE-2026-37979
|
2026-05-21 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4344
|
4.9 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID (userId) para…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-37978
|
2026-05-21 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4345
|
9.8 |
CRITICAL
Network
|
-
|
-
|
An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter.
|
CWE-78
OS Command
|
CVE-2026-37281
|
2026-05-21 02:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4346
|
10.0 |
CRITICAL
Network
|
-
|
-
|
CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer (public/installer/index.php) is vulnerable to unauthenticated Remote Code Executi…
|
CWE-78
CWE-284
OS Command
Improper Access Control
|
CVE-2026-34234
|
2026-05-21 02:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4347
|
7.1 |
HIGH
Network
|
-
|
-
|
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decode_mask_image(). When decoding a HEIF file containing a mas…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-32741
|
2026-05-21 02:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4348
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The JSONSerializer and CBORSerializer in APScheduler (all versions including 3.10.x and 4.0.0a5) are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization. The unmarshal_object funct…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-31072
|
2026-05-21 02:16 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4349
|
9.8 |
CRITICAL
Network
|
nvidia
|
triton_inference_server
|
NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution,…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-24214
|
2026-05-21 02:13 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4350
|
7.5 |
HIGH
Network
|
adobe
|
commerce
commerce_b2b
magento
|
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-34649
|
2026-05-21 02:13 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
