Common Vulnerabilities and Exposures (CVE)

CVE-2026-1035

Jan 21, 2026 05:52:22 UTC

A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update...

CVE-2026-1180

Jan 21, 2026 05:52:01 UTC

A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using private_key_jwt. The issue allows a client to specify an arbitrary jwks_uri, which Keycloak then retrieves without valida...

CVE-2025-7195

Jan 21, 2026 05:51:53 UTC

Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/pass...

CVE-2024-3727

Jan 21, 2026 05:45:47 UTC

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

CVE-2025-14523

Jan 21, 2026 05:40:28 UTC

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confus...

CVE-2024-0874

Jan 21, 2026 05:28:31 UTC

A flaw was found in CoreDNS. Incorrectly implemented caching could cause invalid cache entries to be returned.

CVE-2025-33231

Jan 21, 2026 04:55:29 UTC

NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL search paths. A successful exploit of this vu...

CVE-2025-33230

Jan 21, 2026 04:55:27 UTC

NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. A successful exploit of this vulnerability might...

CVE-2025-33229

Jan 21, 2026 04:55:26 UTC

NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. A successful exploit of...

CVE-2025-33228

Jan 21, 2026 04:55:25 UTC

NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if the script is invoked manually. A succe...

CVE-2025-33015

Jan 21, 2026 04:55:23 UTC

IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface.

CVE-2025-14115

Jan 21, 2026 04:55:22 UTC

IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019: IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic k...

CVE-2026-23876

Jan 21, 2026 04:55:21 UTC

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to writ...

CVE-2026-21223

Jan 21, 2026 04:55:20 UTC

Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates the privileges of the calling process. A standard (non‑administrator) local user can invoke the IElevatorEdge interface method LaunchUpdateCmdEl...

CVE-2026-0900

Jan 21, 2026 04:55:19 UTC

Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)