Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-4629	Keycloak: keycloak: privilege escalation through hardcoded role mapper injection_CVE-2026-4629 A flaw was found in Keycloak. A highly privileged user with `manage-clients` permission can exploit this vulnerability by injecting a hardcoded rol...	Red Hat	Red Hat Build of Keycloak	Jun 30, 2026	CVE
CRITICAL 9.5	CVE-2026-44946	SAML Authentication Replay in Rancher_CVE-2026-44946 A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertion, po...	SUSE	Rancher 2.14.0	Jun 30, 2026	CVE
MEDIUM 4.3	CVE-2026-14209	Keycloak-admin-ui: keycloak-admin-ui: keycloak: admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions_CVE-2026-14209 A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine...	Red Hat	Red Hat Build of Keycloak	Jun 30, 2026	CVE
MEDIUM 6.5	CVE-2026-12388	Keycloak-broker: keycloak: privilege escalation to realm administrator via improper authorization in identity provider mapper_CVE-2026-12388 A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services i...	Red Hat	Red Hat Build of Keycloak	Jun 30, 2026	CVE
HIGH 7.8	1A5AFF91-769E-	Exploit for CVE-2026-46331_1A5AFF91-769E-5D60-9467-A406F3FD6FD5 CVE-2026-46331 - "pedit COW" Vulnerability Assessment & Mitigation Guide Este repositorio contiene herramientas administrativas básicas para verifi...	N/A	N/A	Jun 30, 2026	GITHUBEXPLOIT
HIGH 7.5	5CCC4D1D-CB00-	Exploit for CVE-2026-4020_5CCC4D1D-CB00-54EE-88B5-E103837659E0 No description provided...	N/A	N/A	Jun 30, 2026	GITHUBEXPLOIT
HIGH 7.8	B1A34079-E8F9-	Exploit for CVE-2026-31694_B1A34079-E8F9-5174-9297-C9EF365CAE42 FUSE readdir cache out-of-bounds write PoC Local proof of concept for a missing bounds check in fs/fuse/readdir.c:fuseadddirenttocache. A FUSE serv...	N/A	N/A	Jun 30, 2026	GITHUBEXPLOIT
NONE	H1:3831432	curl: setopt(VERIFYPEER) from callback bypasses TLS verify on connection reuse_H1:3831432 ## Summary: `Curl_ssl_conn_config_update` overwrites `conn->ssl_config.verifypeer` when `curl_easy_setopt(CURLOPT_SSL_VERIFYPEER, ...)` is called,...	N/A	N/A	Jun 29, 2026	HACKERONE
NONE	IMPERVABLOG:02B...	AI Agents Are Visiting Your Website. Which Ones Should You Trust?_IMPERVABLOG:02B3638CB0833BED533ED6C0178D7199 The internet is changing fast. For years, the main goal of search was simple: to help users find links. A user searched, reviewed results, clicked...	N/A	N/A	Jun 30, 2026	IMPERVABLOG
NONE	SECURELIST:318E...	ToddyCat: your hidden email assistant. Part 2_SECURELIST:318E425764C1762E8EB0EB5B9B2F6150 ![](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2026/06/19083452/toddycat-part-2-featured-image-990x400.jpg) ## Introduction...	N/A	N/A	Jun 30, 2026	SECURELIST