0x240x23elu

2 exploits, active since Nov 2020
CVE-2020-28948 NOMISEC HIGH WRITEUP
Archive_Tar < 1.4.11 - Deserialization of Untrusted Data via PHAR Case Bypass
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
6 stars
CVSS 7.8
CVE-2026-1529 NOMISEC HIGH WORKING POC
Keycloak 26.5.0-26.5.2 - Unauthenticated Organization Access via JWT Invitation Token Tampering
A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token (JWT) payload. Because the token's cryptographic signature is not verified, the attacker can successfully self-register into an unauthorized organization, leading to unauthorized access.
1 star
CVSS 8.1