6 vulnerabilities classified as CWE-551 (Incorrect Behavior Order: Authorization Before Parsing and Canonicalization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4636 | Keycloak: keycloak: uma policy bypass allows authenticated users to gain unauthorized access to victim-owned resources. — Red Hat build of Keycloak 26.2 | 8.1 | High | 2026-04-02 |
| CVE-2016-20030 | ZKTeco ZKBioSecurity 3.0 User Enumeration via authLoginAction — ZKTeco ZKBioSecurity | 9.8 | Critical | 2026-03-15 |
| CVE-2026-0707 | Keycloak: keycloak authorization header parsing leading to potential security control bypass — Red Hat build of Keycloak 26.4 | 5.3 | Medium | 2026-01-08 |
| CVE-2023-23924 | URI validation failure on SVG parsing in Dompdf — dompdf | 10.0 | Critical | 2023-01-31 |
| CVE-2021-32779 | Incorrectly handling of URI '#fragment' element as part of the path element — envoy | 8.6 | High | 2021-08-24 |
| CVE-2021-32777 | Incorrect concatenation of multiple value request headers in ext-authz extension — envoy | 8.6 | High | 2021-08-24 |

6 CVEs are classified as CWE-551 (Incorrect Behavior Order: Authorization Before Parsing and Canonicalization). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.