| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-1035 | Org.keycloak.protocol.oidc: keycloak refresh token reuse bypass via toctou race condition | Red Hat | Red Hat build of Keycloak 26.4 | Low | 3.1 | 2026-01-21 05:52:22 |
| CVE-2026-1180 | Org.keycloak.protocol.oidc: blind server-side request forgery (ssrf) in keycloak oidc dynamic client registration via jwks_uri | Red Hat | Red Hat build of Keycloak 26.4 | Medium | 5.8 | 2026-01-20 12:33:01 |
| CVE-2026-0992 | Libxml2: libxml2: denial of service via crafted xml catalogs | Red Hat | Red Hat Hardened Images | Low | 2.9 | 2026-01-15 14:20:25 |
| CVE-2026-0989 | Libxml2: unbounded relaxng include recursion leading to stack overflow | Red Hat | Red Hat Hardened Images | Low | 3.7 | 2026-01-15 14:20:23 |
| CVE-2026-0990 | Libxml2: libxml2: denial of service via uncontrolled recursion in xml catalog processing | Red Hat | Red Hat Hardened Images | Medium | 5.9 | 2026-01-15 14:20:07 |
| CVE-2026-0976 | Org.keycloak/keycloak-quarkus-server: keycloak: proxy bypass due to improper handling of matrix parameters in url paths | Red Hat | Red Hat Build of Keycloak | Low | 3.7 | 2026-01-15 12:06:21 |
| CVE-2025-12543 | Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf | Red Hat | Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11 | Critical | 9.6 | 2026-01-07 16:04:22 |
| CVE-2024-3884 | Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded | Red Hat | Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 | High | 7.5 | 2025-12-03 18:40:26 |
| CVE-2025-9784 | Undertow: undertow madeyoureset http/2 ddos vulnerability | - | - | High | 7.5 | 2025-09-02 13:38:00 |
| CVE-2025-7784 | Org.keycloak/keycloak-services: privilege escalation in keycloak admin console (fgapv2 enabled) | - | - | Medium | 6.5 | 2025-07-18 13:48:46 |
| CVE-2025-5731 | Infinispan: credential leakage in infinispan cli | Red Hat | infinispan | Medium | 5.5 | 2025-06-26 21:29:00 |
| CVE-2025-49794 | Libxml: heap use after free (uaf) leads to denial of service (dos) | - | - | Critical | 9.1 | 2025-06-16 15:24:31 |
| CVE-2025-6170 | Libxml2: stack buffer overflow in xmllint interactive shell command handling | - | - | Low | 2.5 | 2025-06-16 15:24:05 |
| CVE-2025-49795 | Libxml: null pointer dereference leads to denial of service (dos) | - | - | High | 7.5 | 2025-06-16 15:19:30 |
| CVE-2025-49796 | Libxml: type confusion leads to denial of service (dos) | - | - | Critical | 9.1 | 2025-06-16 15:14:28 |
| CVE-2025-6021 | Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2 | - | - | High | 7.5 | 2025-06-12 12:49:16 |
| CVE-2024-10306 | Mod_proxy_cluster: mod_proxy_cluster unauthorized mcmp requests | - | - | Medium | 5.4 | 2025-04-23 09:59:49 |
| CVE-2025-2251 | Org.jboss.eap:wildfly-ejb3: improper deserialization in jboss marshalling allows remote code execution | - | - | Medium | 6.2 | 2025-04-07 14:06:47 |
| CVE-2024-6875 | Infinispan: infinispan: rest compare api has buffer leak | - | - | Medium | 6.5 | 2025-03-28 20:34:31 |
| CVE-2024-8176 | Libexpat: expat: improper restriction of xml entity expansion depth in libexpat | - | - | High | 7.5 | 2025-03-14 08:19:49 |