| CVE-2026-6732 | Libxml2: libxml2: denial of service via crafted xsd-validated document | Red Hat | Red Hat Enterprise Linux 10 | Medium | 6.5 | 2026-04-23 22:19:34 | Deep Dive |
| CVE-2026-6857 | Camel-infinispan: camel-infinispan: remote code execution via unsafe deserialization | Red Hat | Red Hat build of Apache Camel 4 for Quarkus 3 | High | 7.5 | 2026-04-22 12:55:01 | Deep Dive |
| CVE-2026-28369 | Undertow: undertow: request smuggling via malformed http request headers | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | High | 8.7 | 2026-03-27 16:13:06 | Deep Dive |
| CVE-2026-28367 | Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | High | 8.7 | 2026-03-27 16:13:05 | Deep Dive |
| CVE-2026-28368 | Undertow: undertow: request smuggling via inconsistent header parsing | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | High | 8.7 | 2026-03-27 16:13:04 | Deep Dive |
| CVE-2026-3121 | Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission | Red Hat | Red Hat build of Keycloak 26.4 | Medium | 6.5 | 2026-03-26 19:13:26 | Deep Dive |
| CVE-2026-4874 | Org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: keycloak: server-side request forgery via oidc token endpoint manipulation | Red Hat | Red Hat Build of Keycloak | Low | 3.1 | 2026-03-26 07:12:38 | Deep Dive |
| CVE-2026-3260 | Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests | Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | Medium | 5.9 | 2026-03-24 04:11:16 | Deep Dive |
| CVE-2026-4628 | Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access control | Red Hat | Red Hat Build of Keycloak | Medium | 4.3 | 2026-03-23 08:09:22 | Deep Dive |
| CVE-2026-4366 | Keycloak-services: blind server-side request forgery (ssrf) via http redirect handling in keycloak | Red Hat | Red Hat Build of Keycloak | Medium | 5.8 | 2026-03-18 04:03:00 | Deep Dive |
| CVE-2026-3234 | Mod_proxy_cluster: mod_proxy_cluster: response body corruption via crlf injection | Red Hat | Red Hat Enterprise Linux 10 | Medium | 4.3 | 2026-03-12 10:54:25 | Deep Dive |
| CVE-2026-3429 | Org.keycloak.services.resources.account: improper access control leading to mfa deletion and account takeover in keycloak account rest api | Red Hat | Red Hat build of Keycloak 26.4 | Medium | 4.2 | 2026-03-11 16:17:24 | Deep Dive |
| CVE-2026-3009 | Org.keycloak/keycloak-services: improper enforcement of disabled identity provider in identitybrokerservice (authentication bypass) | Red Hat | Red Hat build of Keycloak 26.4 | High | 8.1 | 2026-03-05 18:27:43 | Deep Dive |
| CVE-2026-0871 | Org.keycloak/keycloak-services: keycloak: unauthorized modification of unmanaged user attributes by administrators | Red Hat | Red Hat build of Keycloak 26.4 | Medium | 4.9 | 2026-02-27 07:30:27 | Deep Dive |
| CVE-2026-2733 | Org.keycloak/keycloak-services: keycloak: missing check on disabled client for docker registry protocol | Red Hat | Red Hat build of Keycloak 26.4 | Low | 3.8 | 2026-02-19 07:48:09 | Deep Dive |
| CVE-2026-1757 | Libxml2: memory leak leading to local denial of service in xmllint interactive shell | Red Hat | Red Hat Hardened Images | Medium | 6.2 | 2026-02-02 12:38:15 | Deep Dive |
| CVE-2024-4027 | Undertow: outofmemoryerror in httpservletrequestimpl.getparameternames() can cause remote dos attacks | Red Hat | OpenShift Serverless | High | 7.5 | 2026-01-30 14:25:54 | Deep Dive |
| CVE-2026-1190 | Org.keycloak/keycloak-services: keycloak saml brokering: response delay due to unchecked notonorafter in subjectconfirmationdata | Red Hat | Red Hat build of Keycloak 26.4 | Low | 3.1 | 2026-01-26 19:36:54 | Deep Dive |
| CVE-2025-14969 | Hibernate-reactive-core: hibernate reactive: denial of service due to connection leak on http client disconnect | Red Hat | Red Hat build of Quarkus 3.27.2 | Medium | 4.3 | 2026-01-26 19:36:40 | Deep Dive |
| CVE-2026-0603 | Org.hibernate/hibernate-core: hibernate: information disclosure and data deletion via second-order sql injection | - | - | High | 8.3 | 2026-01-23 06:31:39 | Deep Dive |