redhat

5,762 tracked vulnerabilities.

CVE-2026-9794 MEDIUM
Keycloak: keycloak: information disclosure via saml ecp endpoint
May 28, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-9793 MEDIUM
Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing
May 28, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-9792 MEDIUM
Keycloak: keycloak: security restriction bypass allows unauthorized ropc token acquisition
May 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-9791 MEDIUM
Keycloak-rhel9: organization data leak after feature disabled in keycloak
May 28, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-9704 MEDIUM
Keycloak: keycloak: privilege escalation due to oversized subject_token jwt
May 27, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-2340 MEDIUM
Samba: vfs_worm does not block directory modification
May 27, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-1933 HIGH
Samba: missing access check on reparse point operations
May 27, 2026
CVSS 7.1
EPSS 0.01
CVE-2026-9689 MEDIUM
Keycloak: org.keycloak.protocol.oidc: http parameter pollution in oidc redirect uri allows response parameter duplication - #ghi-604
May 27, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-3012 HIGH
Samba: group policy certificate enrollment uses http:// without validation
May 27, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-48864 HIGH
Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data
May 26, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-4480 CRITICAL NUCLEI
Samba: samba: remote code execution in printing subsystem via unescaped job description
May 26, 2026
CVSS 9.0
EPSS 0.13
CVE-2026-9149 MEDIUM
Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file
May 21, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-9150 MEDIUM
Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
May 20, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-9087 MEDIUM
Keycloak: cross-session email verification proof not bound to upstream identity in first-broker-login
May 20, 2026
CVSS 6.4
EPSS 0.00
CVE-2026-9064 HIGH
Red Hat Directory Server - LDAP Controls Denial of Service
May 20, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-7571 HIGH
Keycloak: keycloak: access token disclosure and implicit flow bypass via forged client data
May 19, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-7507 HIGH
Org.keycloak/keycloak-services: session fixation in oidc login flow that can lead to account takeover
May 19, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-7504 HIGH
Org.keycloak/keycloak-services: open redirect when using wildcard valid redirect uris in keycloak
May 19, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-7307 HIGH
Keycloak: keycloak: denial of service via specially crafted saml input
May 19, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-4630 MEDIUM
Keycloak: keycloak: unauthorized resource access and data modification via insecure direct object reference
May 19, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-37982 MEDIUM
Keycloak: org.keycloak.authentication: keycloak: unauthorized account takeover via webauthn token replay
May 19, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-37981 MEDIUM
Keycloak: org.keycloak.authorization: keycloak: information disclosure via broken access control in user lookup endpoint
May 19, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-37979 MEDIUM
Keycloak: keycloak: information disclosure via oidc token introspection endpoint audience bypass
May 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-37978 MEDIUM
Keycloak: org.keycloak.services: keycloak: information disclosure via evaluate-scopes admin api
May 19, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-8922 MEDIUM
Org.keycloak/keycloak-services: keycloak: org.keycloak.protocol.oidc: security flaw in org.keycloak/keycloak-services
May 19, 2026
CVSS 5.4
EPSS 0.00