Skip to main content
CVE-2026-9088 LOW PATCH Monitor

Information disclosure in Red Hat Build of Keycloak's group members endpoint allows a highly privileged but delegated administrator to bypass explicitly configured user profile attribute access controls. An administrator granted only delegated read access to group memberships and user data can invoke the group members API endpoint to retrieve user attributes that have been administratively denied to that role, circumventing the intended granularity of access control. No active exploitation has been confirmed (not in CISA KEV), no public exploit code has been identified, and the CVSS score of 2.7 (Low) reflects the high privilege prerequisite and limited confidentiality impact.

Information Disclosure Red Hat Build Of Keycloak
NVD VulDB
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-45723 LOW PATCH GHSA Monitor

Path traversal in Siderolabs Omni's `CreateSchematic` gRPC endpoint allows an authenticated Operator to force the server to issue HTTP GET requests to arbitrary paths on the configured image-factory host by injecting `../` sequences into the `TalosVersion` field. The CVSS score of 2.7 (PR:H, C:L) reflects that exploitation requires a high-privilege Operator credential and yields only limited confidentiality impact - error body content from unintended image-factory endpoints is reflected back to the caller. No public exploit or CISA KEV listing exists at time of analysis, placing this in a low-priority patch tier for most deployments.

Path Traversal
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-47388 LOW PATCH GHSA Monitor

Unauthorized cross-tenant file read in NocoDB's MCP readAttachment tool allows any low-privilege MCP token holder to stream arbitrary attachment files from shared storage, including those belonging to unrelated bases and workspaces. Affected versions are all NocoDB releases up to and including 2026.05.0 (npm/nocodb). The root cause is CWE-639: the tool accepted caller-supplied path or URL values and streamed them directly without verifying that the referenced file's base_id matched the caller's MCP context. No public exploit has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

Authentication Bypass
NVD GitHub
CVSS 4.0
2.3
EPSS
0.0%
CVE-2024-24769 LOW PATCH GHSA Monitor

### Impact Users can reset their MFA token via API routes that send them an email. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service
NVD GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-10876 LOW Monitor

Improper authorization in SourceCodester Ship Ferry Ticket Reservation System 1.0 allows authenticated remote attackers with low privileges to manipulate the `page` argument on the `/admin/` endpoint, bypassing access controls and gaining unauthorized access to administrative functionality. The CVSS 4.0 vector (PR:L) confirms exploitation requires a valid low-privileged account rather than unauthenticated access. Publicly available exploit code exists (E:P in CVSS 4.0 vector, corroborated by a published Medium writeup), though the overall severity is rated Low (2.1) due to limited confidentiality, integrity, and availability impact with no scope change to subsequent systems.

Information Disclosure
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-11330 LOW PATCH Monitor

Hash collision via field-boundary ambiguity in thedotmack/claude-mem through 11.0.1 allows a local low-privilege attacker to cause two semantically distinct observation records to produce identical content hashes, corrupting the SQLite-backed deduplication and integrity logic. The root cause is delimiter-free concatenation of three input fields in `computeObservationContentHash`, meaning different distributions of characters across `memorySessionId`, `title`, and `narrative` yield the same hash input and thus the same digest. No public exploit exists and exploitation is not confirmed actively in the wild; vendor-released fix version 12.0.0 is available.

Information Disclosure Claude Mem
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-11329 LOW PATCH Monitor

Weak cache key construction in onnx-mlir's torch backend (versions up to 0.5.0.0) omits tensor data type (dtype) from placeholder node hash keys, enabling cache collisions between semantically distinct nodes. A locally authenticated attacker with high-complexity manipulation can cause the compiler to incorrectly reuse cached compilation results across mismatched dtypes, yielding low-integrity and low-availability impacts. No public exploit is identified at time of analysis; the upstream fix is confirmed via commit 72c5187 and PR #3427.

Information Disclosure Python
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-47680 MEDIUM PATCH GHSA This Month

Path traversal vulnerabilities in Flux source-controller (CWE-23) expose two distinct attack surfaces on the controller pod. In the Bucket reconciler, an actor who can influence object keys in a referenced bucket can cause source-controller to write fetched data to arbitrary paths on the pod filesystem, escaping the per-reconciliation working directory sandbox. Separately, authenticated Kubernetes users with GitRepository create/update RBAC permissions can exploit the sparse-checkout feature (v1.6.0+) to enumerate file paths on the controller pod via the resource's status field. Both issues are patched in source-controller v1.8.5; no public exploit has been identified at time of analysis and this CVE is not listed in CISA KEV.

Path Traversal
NVD GitHub
EPSS
0.1%
CVE-2026-47669 CRITICAL PATCH GHSA Act Now

Remote code execution in DbGate versions 7.1.8 and earlier allows network-adjacent attackers to achieve full container compromise via a Zip Slip flaw in the archive unzip endpoint. Because the default Docker deployment runs as root and the bundled 'none' authentication provider issues JWT tokens without credentials, any attacker reachable on the network can upload a malicious ZIP that writes files anywhere on the filesystem, including cron entries for code execution. Publicly available exploit code exists in the GHSA advisory itself, and an upstream patched release (7.1.9) is available.

Docker Python Path Traversal
NVD GitHub
EPSS
0.1%
Prev Page 6 of 6

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy