Skip to main content
CVE-2026-23996 LOW PATCH Monitor

FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verify_key(). [CVSS 3.7 LOW]

Information Disclosure Fastapi Api Key
NVD GitHub
CVSS 3.1
3.7
EPSS
0.1%
CVE-2026-0988 LOW Monitor

A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. [CVSS 3.7 LOW]

Buffer Overflow Integer Overflow Denial Of Service
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2026-24048 LOW PATCH Monitor

Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the `FetchUrlReader` component, used by the catalog and other plugins to fetch content from URLs, followed HTTP redirects automatically. This allowed an attacker who controls a host listed in `backend.reading.allow` to redirect requests to internal or sensitive U...

SSRF Open Redirect
NVD GitHub
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-1035 LOW Monitor

A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. [CVSS 3.1 LOW]

Authentication Bypass
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-14083 LOW Monitor

A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control. [CVSS 2.7 LOW]

Privilege Escalation Authentication Bypass
NVD
CVSS 3.1
2.7
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy