| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-4029 | Wildfly: no timeout for eap management interface may lead to denial of service (dos) | - | - | Medium | 4.1 | 2024-05-02 14:55:27 | Deep Dive |
| CVE-2024-1726 | Quarkus: security checks for some inherited endpoints performed after serialization in resteasy reactive may trigger a denial of service | - | - | Medium | 5.3 | 2024-04-25 16:29:05 | Deep Dive |
| CVE-2024-1102 | Jberet: jberet-core logging database credentials | - | - | Medium | 6.5 | 2024-04-25 16:24:30 | Deep Dive |
| CVE-2023-6787 | Keycloak: session hijacking via re-authentication | - | - | Medium | 6.5 | 2024-04-25 16:02:33 | Deep Dive |
| CVE-2023-6717 | Keycloak: xss via assertion consumer service url in saml post-binding flow | - | - | Medium | 6.0 | 2024-04-25 16:02:03 | Deep Dive |
| CVE-2023-6544 | Keycloak: authorization bypass | - | - | Medium | 5.4 | 2024-04-25 15:58:47 | Deep Dive |
| CVE-2023-6484 | Keycloak: log injection during webauthn authentication or registration | - | - | Medium | 5.3 | 2024-04-25 15:58:18 | Deep Dive |
| CVE-2023-5675 | Quarkus: authorization flaw in quarkus resteasy reactive and classic when "quarkus.security.jaxrs.deny-unannotated-endpoints" or "quarkus.security.jaxrs.default-roles-allowed" properties are used. | - | - | Medium | 6.5 | 2024-04-25 15:44:56 | Deep Dive |
| CVE-2023-3597 | Keycloak: secondary factor bypass in step-up authentication | - | - | Medium | 5.0 | 2024-04-25 12:20:12 | Deep Dive |
| CVE-2023-51478 | WordPress Build App Online plugin <= 1.0.19 - Unauthenticated Account Takeover vulnerability | Abdul Hakeem | Build App Online | Critical | 9.8 | 2024-04-25 07:56:35 | Deep Dive |
| CVE-2024-2419 | Keycloak: path traversal in the redirect validation | - | - | High | 7.1 | 2024-04-17 13:23:35 | Deep Dive |
| CVE-2024-1249 | Keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkloginiframe leads to ddos | - | - | High | 7.4 | 2024-04-17 13:22:48 | Deep Dive |
| CVE-2024-1132 | Keycloak: path transversal in redirection validation | - | - | High | 8.1 | 2024-04-17 13:21:19 | Deep Dive |
| CVE-2024-1812 | Everest Forms <= 2.0.7 - Unauthenticated Server-Side Request Forgery via font_url | wpeverest | Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder | High | 7.2 | 2024-04-09 18:59:24 | Deep Dive |
| CVE-2024-2700 | Quarkus-core: leak of local configuration properties into quarkus applications | - | - | High | 7.0 | 2024-04-04 13:46:40 | Deep Dive |
| CVE-2024-1300 | Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support | - | - | Medium | 5.4 | 2024-04-02 07:33:05 | Deep Dive |
| CVE-2024-1023 | Io.vertx/vertx-core: memory leak due to the use of netty fastthreadlocal data structures in vertx | - | - | Medium | 6.5 | 2024-03-27 07:51:16 | Deep Dive |
| CVE-2023-5685 | Xnio: stackoverflowexception when the chain of notifier states becomes problematically big | Red Hat | Red Hat build of Apache Camel 4.4.0 for Spring Boot | High | 7.5 | 2024-03-22 18:24:43 | Deep Dive |
| CVE-2024-1979 | Quarkus: information leak in annotation | - | - | Low | 3.5 | 2024-03-13 09:41:25 | Deep Dive |
| CVE-2024-28156 | Jenkins Build Monitor View Plugin security vulnerability | Jenkins Project | Jenkins Build Monitor View Plugin | - | - | 2024-03-06 17:01:59 | Deep Dive |