| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-1657 | Platform: insecure websocket used when interacting with eda server | - | - | High | 8.1 | 2024-04-25 16:28:38 | Deep Dive |
| CVE-2024-1139 | Cluster-monitoring-operator: credentials leak | - | - | High | 7.7 | 2024-04-25 16:25:01 | Deep Dive |
| CVE-2024-1102 | Jberet: jberet-core logging database credentials | - | - | Medium | 6.5 | 2024-04-25 16:24:30 | Deep Dive |
| CVE-2024-0874 | Coredns: cd bit response is cached and served later | - | - | Medium | 5.3 | 2024-04-25 16:22:44 | Deep Dive |
| CVE-2023-6787 | Keycloak: session hijacking via re-authentication | - | - | Medium | 6.5 | 2024-04-25 16:02:33 | Deep Dive |
| CVE-2023-6717 | Keycloak: xss via assertion consumer service url in saml post-binding flow | - | - | Medium | 6.0 | 2024-04-25 16:02:03 | Deep Dive |
| CVE-2023-6596 | Openshift: incomplete fix for rapid reset (cve-2023-44487/cve-2023-39325) | - | - | High | 7.5 | 2024-04-25 16:00:24 | Deep Dive |
| CVE-2023-6544 | Keycloak: authorization bypass | - | - | Medium | 5.4 | 2024-04-25 15:58:47 | Deep Dive |
| CVE-2023-6484 | Keycloak: log injection during webauthn authentication or registration | - | - | Medium | 5.3 | 2024-04-25 15:58:18 | Deep Dive |
| CVE-2023-5675 | Quarkus: authorization flaw in quarkus resteasy reactive and classic when "quarkus.security.jaxrs.deny-unannotated-endpoints" or "quarkus.security.jaxrs.default-roles-allowed" properties are used. | - | - | Medium | 6.5 | 2024-04-25 15:44:56 | Deep Dive |
| CVE-2023-3597 | Keycloak: secondary factor bypass in step-up authentication | - | - | Medium | 5.0 | 2024-04-25 12:20:12 | Deep Dive |
| CVE-2023-3758 | Sssd: race condition during authorization leads to gpo policies functioning inconsistently | - | - | High | 7.1 | 2024-04-18 19:06:44 | Deep Dive |
| CVE-2024-2419 | Keycloak: path traversal in the redirect validation | - | - | High | 7.1 | 2024-04-17 13:23:35 | Deep Dive |
| CVE-2024-1249 | Keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkloginiframe leads to ddos | - | - | High | 7.4 | 2024-04-17 13:22:48 | Deep Dive |
| CVE-2024-1132 | Keycloak: path transversal in redirection validation | - | - | High | 8.1 | 2024-04-17 13:21:19 | Deep Dive |
| CVE-2024-1481 | Freeipa: specially crafted http requests potentially lead to denial of service | - | - | Medium | 5.3 | 2024-04-10 20:39:31 | Deep Dive |
| CVE-2024-3567 | Qemu-kvm: net: assertion failure in update_sctp_checksum() | - | - | Medium | 5.5 | 2024-04-10 14:32:02 | Deep Dive |
| CVE-2023-6236 | Eap: oidc app attempting to access the second tenant, the user should be prompted to log | Red Hat | Red Hat JBoss Enterprise Application Platform 8 | High | 7.3 | 2024-04-10 01:04:54 | Deep Dive |
| CVE-2024-3446 | Qemu: virtio: dma reentrancy issue leads to double free vulnerability | Red Hat | Red Hat Enterprise Linux 8 | High | 8.2 | 2024-04-09 19:34:46 | Deep Dive |
| CVE-2024-1233 | Eap: wildfly-elytron has a ssrf security issue | - | - | High | 7.3 | 2024-04-09 07:01:48 | Deep Dive |