| CVE-2026-5347 | WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter | mhmrajib | WP Books Gallery – Build Stunning Book Showcases & Libraries in Minutes | Medium | 5.3 | 2026-04-24 05:29:38 | Deep Dive |
| CVE-2026-6857 | Camel-infinispan: camel-infinispan: remote code execution via unsafe deserialization | Red Hat | Red Hat build of Apache Camel 4 for Quarkus 3 | High | 7.5 | 2026-04-22 12:55:01 | Deep Dive |
| CVE-2026-37980 | Org.keycloak.forms.login: keycloak: keycloak: arbitrary code execution via stored cross-site scripting (xss) in organization selection login page | Red Hat | Red Hat Build of Keycloak | Medium | 6.9 | 2026-04-14 14:54:43 | Deep Dive |
| CVE-2026-37977 | Keycloak: org.keycloak.protocol.oidc.grants.ciba: keycloak: information disclosure via cors header injection due to unvalidated jwt azp claim | Red Hat | Red Hat Build of Keycloak | Low | 3.7 | 2026-04-06 08:38:37 | Deep Dive |
| CVE-2026-4636 | Keycloak: keycloak: uma policy bypass allows authenticated users to gain unauthorized access to victim-owned resources. | Red Hat | Red Hat build of Keycloak 26.2 | High | 8.1 | 2026-04-02 12:45:02 | Deep Dive |
| CVE-2026-4634 | Keycloak: keycloak: denial of service via excessive processing of openid connect scope parameters | Red Hat | Red Hat build of Keycloak 26.2 | High | 7.5 | 2026-04-02 12:44:53 | Deep Dive |
| CVE-2026-4282 | Keycloak: keycloak: privilege escalation via forged authorization codes due to singleuseobjectprovider isolation flaw | Red Hat | Red Hat build of Keycloak 26.2 | High | 7.4 | 2026-04-02 12:44:53 | Deep Dive |
| CVE-2026-4325 | Keycloak: keycloak: replay of action tokens via improper handling of single-use entries | Red Hat | Red Hat build of Keycloak 26.2 | Medium | 5.3 | 2026-04-02 12:44:53 | Deep Dive |
| CVE-2026-3872 | Keycloak: keycloak: information disclosure due to redirect_uri validation bypass | Red Hat | Red Hat build of Keycloak 26.2 | High | 7.3 | 2026-04-02 12:37:31 | Deep Dive |
| CVE-2025-15612 | Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE | Wazuh | Wazuh Provisioning Scripts (Agent Build Environment) | Medium | 4.8 | 2026-03-27 18:16:11 | Deep Dive |
| CVE-2026-28369 | Undertow: undertow: request smuggling via malformed http request headers | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | High | 8.7 | 2026-03-27 16:13:06 | Deep Dive |
| CVE-2026-28367 | Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | High | 8.7 | 2026-03-27 16:13:05 | Deep Dive |
| CVE-2026-28368 | Undertow: undertow: request smuggling via inconsistent header parsing | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | High | 8.7 | 2026-03-27 16:13:04 | Deep Dive |
| CVE-2026-3121 | Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission | Red Hat | Red Hat build of Keycloak 26.4 | Medium | 6.5 | 2026-03-26 19:13:26 | Deep Dive |
| CVE-2026-3190 | Keycloak: keycloak: information disclosure via improper role enforcement in uma 2.0 protection api | Red Hat | Red Hat build of Keycloak 26.4 | Medium | 4.3 | 2026-03-26 19:12:38 | Deep Dive |
| CVE-2026-4874 | Org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: keycloak: server-side request forgery via oidc token endpoint manipulation | Red Hat | Red Hat Build of Keycloak | Low | 3.1 | 2026-03-26 07:12:38 | Deep Dive |
| CVE-2026-3260 | Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | Medium | 5.9 | 2026-03-24 04:11:16 | Deep Dive |
| CVE-2026-4633 | Keycloak: keycloak: user enumeration via differential error messages | Red Hat | Red Hat Build of Keycloak | Low | 3.7 | 2026-03-23 10:53:36 | Deep Dive |
| CVE-2026-4628 | Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access control | Red Hat | Red Hat Build of Keycloak | Medium | 4.3 | 2026-03-23 08:09:22 | Deep Dive |
| CVE-2026-3651 | Build App Online <= 1.0.23 - Missing Authorization to Arbitrary Post Author Modification via 'build-app-online-update-vendor-product' AJAX Action | hakeemnala | Build App Online | Medium | 5.3 | 2026-03-21 03:26:47 | Deep Dive |