| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-9621 | Io.quarkiverse.cxf:quarkus-cxf: quarkus cxf may log user password and secret to application log | - | - | Medium | 5.3 | 2024-10-08 16:26:09 | Deep Dive |
| CVE-2024-41163 | Veertu Anka Build path traversal vulnerability | Veertu | Anka Build | High | 7.5 | 2024-10-03 15:16:11 | Deep Dive |
| CVE-2024-39755 | Veertu Anka Build security vulnerability | Veertu | Anka Build | High | 7.8 | 2024-10-03 15:16:10 | Deep Dive |
| CVE-2024-41922 | Veertu Anka Build path traversal vulnerability | Veertu | Anka Build | High | 7.5 | 2024-10-03 15:16:10 | Deep Dive |
| CVE-2024-8883 | Keycloak: vulnerable redirect uri validation results in open redirect | - | - | Medium | 6.1 | 2024-09-19 15:48:28 | Deep Dive |
| CVE-2024-8698 | Keycloak-saml-core: improper verification of saml responses leading to privilege escalation in keycloak | - | - | High | 7.7 | 2024-09-19 15:48:18 | Deep Dive |
| CVE-2023-6841 | Keycloak: amount of attributes per object is not limited and it may lead to dos | - | - | High | 7.5 | 2024-09-10 16:15:33 | Deep Dive |
| CVE-2024-7341 | Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters | - | - | High | 7.1 | 2024-09-09 18:51:14 | Deep Dive |
| CVE-2024-7318 | Keycloak-core: one time passcode (otp) is valid longer than expiration time | - | - | Medium | 4.8 | 2024-09-09 18:50:37 | Deep Dive |
| CVE-2024-7260 | Keycloak-core: open redirect on account page | - | - | Medium | 6.1 | 2024-09-09 18:49:59 | Deep Dive |
| CVE-2024-34158 | Stack exhaustion in Parse in go/build/constraint | Go standard library | go/build/constraint | Medium | - | 2024-09-06 20:42:43 | Deep Dive |
| CVE-2024-4629 | Keycloak: potential bypass of brute force protection | - | - | Medium | 6.5 | 2024-09-03 19:42:01 | Deep Dive |
| CVE-2024-7885 | Undertow: improper state management in proxy protocol parsing causes information leakage | - | - | High | 7.5 | 2024-08-21 14:13:37 | Deep Dive |
| CVE-2024-3653 | Undertow: learningpushhandler can lead to remote memory dos attacks | - | - | Medium | 5.3 | 2024-07-08 21:21:21 | Deep Dive |
| CVE-2024-5971 | Undertow: response write hangs in case of java 17 tlsv1.3 newsessionticket | - | - | High | 7.5 | 2024-07-08 20:51:29 | Deep Dive |
| CVE-2024-6162 | Undertow: url-encoded request path information can be broken on ajp-listener | - | - | High | 7.5 | 2024-06-20 14:33:10 | Deep Dive |
| CVE-2024-5967 | Keycloak: leak of configured ldap bind credentials through the keycloak admin console | - | - | Low | 2.7 | 2024-06-18 12:05:39 | Deep Dive |
| CVE-2023-7264 | Build App Online <= 1.0.22 - Account Takeover via Weak Password Reset Mechanism | hakeemnala | Build App Online | High | 8.1 | 2024-06-11 03:17:00 | Deep Dive |
| CVE-2024-4540 | Keycloak: exposure of sensitive information in pushed authorization requests (par) kc_restart cookie | - | - | High | 7.5 | 2024-06-03 15:33:18 | Deep Dive |
| CVE-2023-51479 | WordPress Build App Online plugin <= 1.0.19 - Authenticated Privilege Escalation vulnerability | Abdul Hakeem | Build App Online | High | 8.8 | 2024-05-17 08:43:39 | Deep Dive |