LOW 2.9 | CVE-2026-23553 | EPSS 0.03% | In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run.
LOW 3.1 | EPSS 0.02% | Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods
LOW 3.7 | EPSS 0.04% | Apache Karaf Decanter has Deserialization of Untrusted Data in its Log Socket Collector
LOW 2.5 | EPSS 0.01% | In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.
LOW 3.7 | EPSS 0.07% | FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection
LOW 2.7 | EPSS 0.01% | Keycloak Admin REST API exposes backend schema and rules
LOW 3.1 | EPSS 0.01% | Keycloak does not validate and update refresh token usage atomically
LOW 3.7 | EPSS 0.01% | Keycloak has an improper input validation vulnerability
LOW 2.5 | EPSS 0.01% | Weblate command-line client susceptible to SSL verification skip
LOW 3.3 | EPSS 0.01% | AcademySoftwareFoundation OpenColorIO has an out-of-bounds vulnerability
LOW 3.3 | EPSS 0.01% | LIEF is vulnerable to segmentation fault
LOW 3.1 | EPSS 0.10% | When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authen…
LOW 3.5 | EPSS 0.04% | Jenkins has a CSRF vulnerability on the login form
LOW 2.7 | EPSS 0.01% | Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions
LOW 3.7 | EPSS 0.01% | Keycloak unable to restrict access to the admin console
LOW 3.6 | EPSS 0.02% | Spotipy has an XSS vulnerability in its OAuth callback server
LOW 3.7 | EPSS 0.05% | NutzBoot vulnerable to deserialization
LOW 2.8 | EPSS 0.01% | Mustangproject allows exfiltrating files via XXE attacks
LOW 3.3 | EPSS 0.01% | Overhang Tutor Discloses Sensitive Information due to Improper Cache-Control
LOW 3.1 | EPSS 0.06% | PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege
LOW 3.5 | EPSS 0.08% | changedetection.io: Stored XSS in Watch update via API
LOW 3.3 | EPSS 0.03% | An issue was discovered in PyTorch v2.5 and v2.7.1.
LOW 2.6 | EPSS 0.03% | Weblate leaks the IP of project member inviting user to be reviewer in Audit log
LOW 3.1 | EPSS 0.06% | reflex-dev/reflex has an Open Redirect vulnerability
LOW 3.6 | EPSS 0.06% | ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.