Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

307 New today

65,584 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

294

Jun 23

355

Jun 24

297

Jun 25

Critical

High

Medium

Low

Latest

CVE CVSS 4.6

Keycloak: keycloak: unauthorized access to resources via uma permission ticket bypass_CVE-2026-9799

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access (UMA) permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain ...

CVE-2026-9799 Red Hat Red Hat Build of Keycloak

Jun 25, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-9705	Keycloak: keycloak: attacker can re-enable and take over disabled clients via registration access token_CVE-2026-9705 A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token (RAT), coul...	Red Hat	Red Hat Build of Keycloak	Jun 25, 2026	CVE
HIGH 7.7	CVE-2026-9099	Keycloak: group-admin escalation to realm-admin_CVE-2026-9099 A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild() endpoint within the Admin REST API allows an authentica...	Red Hat	Red Hat Build of Keycloak	Jun 25, 2026	CVE
HIGH 7.3	CVE-2026-9086	Keycloak: keycloak: cross-site scripting (xss) via case-insensitive uri validation bypass_CVE-2026-9086 A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with `manage-client` permission or access to cli...	Red Hat	Red Hat Build of Keycloak	Jun 25, 2026	CVE
MEDIUM 4.9	CVE-2026-9083	Keycloak: keycloak: information disclosure through arbitrary filesystem path probing_CVE-2026-9083 A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesyst...	Red Hat	Red Hat Build of Keycloak	Jun 25, 2026	CVE
CRITICAL 9.2	CVE-2026-56123	socat 1.8.0.0 – 1.8.1.1 Heap Buffer Overflow via SOCKS5 Reply Parser_CVE-2026-56123 socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite ...	socat	socat 1.8.0.0	Jun 25, 2026	CVE
MEDIUM 5.5	CVE-2026-55439	Halo: Path Traversal in Backup Download Leads to Arbitrary File Read_CVE-2026-55439 Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated ...	halo-dev	halo < 2.24.3	Jun 25, 2026	CVE
CRITICAL 9.4	CVE-2026-55413	ToolJet – Marketplace Plugin Poisoning Enables Instance-Wide Remote Code Execution_CVE-2026-55413 ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-l...	ToolJet	ToolJet < 3.20.178-lts	Jun 25, 2026	CVE
HIGH 8.3	CVE-2026-55412	ToolJet Cloud – SSRF to Azure Cloud Infrastructure Compromise_CVE-2026-55412 ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-l...	ToolJet	ToolJet < 3.20.178-lts	Jun 25, 2026	CVE
MEDIUM 6.8	CVE-2026-55411	ToolJet: Cross-tenant credential decryption (IDOR) in POST /api/data-sources/decrypt — any authenticated user can decrypt any organization’s data-source secrets_CVE-2026-55411 ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-...	ToolJet	ToolJet < 3.20.1780-lts	Jun 25, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Keycloak: keycloak: unauthorized access to resources via uma permission ticket bypass_CVE-2026-9799

Recent Advisories

Keycloak: keycloak: attacker can re-enable and take over disabled clients via registration access token_CVE-2026-9705

Keycloak: group-admin escalation to realm-admin_CVE-2026-9099

Keycloak: keycloak: cross-site scripting (xss) via case-insensitive uri validation bypass_CVE-2026-9086

Keycloak: keycloak: information disclosure through arbitrary filesystem path probing_CVE-2026-9083

socat 1.8.0.0 – 1.8.1.1 Heap Buffer Overflow via SOCKS5 Reply Parser_CVE-2026-56123

Halo: Path Traversal in Backup Download Leads to Arbitrary File Read_CVE-2026-55439

ToolJet – Marketplace Plugin Poisoning Enables Instance-Wide Remote Code Execution_CVE-2026-55413

ToolJet Cloud – SSRF to Azure Cloud Infrastructure Compromise_CVE-2026-55412

ToolJet: Cross-tenant credential decryption (IDOR) in POST /api/data-sources/decrypt — any authenticated user can decrypt any organization’s data-source secrets_CVE-2026-55411

Protect Your Attack Surface with RedGem

Security Intelligence
Feed