Common Vulnerabilities and Exposures (CVE)
CVE-2026-1035
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update...
CVE-2026-1180
A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using private_key_jwt. The issue allows a client to specify an arbitrary jwks_uri, which Keycloak then retrieves without valida...
CVE-2025-7195
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/pass...
CVE-2024-3727
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
CVE-2025-14523
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confus...
CVE-2024-0874
A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.
CVE-2025-33231
NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL search paths. A successful exploit of this vu...
CVE-2025-33230
NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. A successful exploit of this vulnerability might...
CVE-2025-33229
NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. A successful exploit of...
CVE-2025-33228
NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if the script is invoked manually. A succe...
CVE-2025-33015
IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface.
CVE-2025-14115
IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic k...
CVE-2026-23876
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to writ...
CVE-2026-21223
Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates the privileges of the calling process. A standard (non‑administrator) local user can invoke the IElevatorEdge interface method LaunchUpdateCmdEl...
CVE-2026-0900
Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)