Common Vulnerabilities and Exposures (CVE)

CVE-2026-7507

Jun 30, 2026 12:10:57 UTC

A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. ...

CVE-2026-7568

Jun 30, 2026 12:10:56 UTC

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If...

CVE-2026-7598

Jun 30, 2026 12:10:55 UTC

A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. Th...

CVE-2026-8357

Jun 30, 2026 12:10:54 UTC

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small fo...

CVE-2026-8390

Jun 30, 2026 12:10:53 UTC

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.

CVE-2026-8461

Jun 30, 2026 12:10:53 UTC

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the ...

CVE-2026-8631

Jun 30, 2026 12:10:53 UTC

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups proc...

CVE-2026-8632

Jun 30, 2026 12:10:52 UTC

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection.

CVE-2026-9086

Jun 30, 2026 12:10:51 UTC

A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with `manage-client` permission or access to client registration endpoints, could bypass client Uniform Resource Identifier (URI) validation....

CVE-2026-9256

Jun 30, 2026 12:10:51 UTC

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captur...

CVE-2026-9099

Jun 30, 2026 12:10:50 UTC

A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild() endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Gra...

CVE-2026-9277

Jun 30, 2026 12:10:50 UTC

shell-quote's `quote()` function did not validate object-token inputs against the operator model used by `parse()`. The `.op` field was backslash-escaped character by character using `/(.)/g`, which in JavaScript does not match line termina...

CVE-2026-9795

Jun 30, 2026 12:10:50 UTC

A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a cli...

CVE-2026-9800

Jun 30, 2026 12:10:49 UTC

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access (UMA) permission checks. By including the configured access-...

CVE-2026-9804

Jun 30, 2026 12:10:49 UTC

A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport directory endpoint. By placing a symbolic link (symlink) within an expor...