Skip to main content

CWE-1288

Improper Validation of Consistency within Input

17 CVEs Avg CVSS 6.6 MITRE
0
CRITICAL
8
HIGH
9
MEDIUM
0
LOW
1
POC
0
KEV

Monthly

CVE-2026-42982 HIGH PATCH NEWS Exploit Unlikely This Week

Local privilege escalation in Windows Secure Kernel Mode (SKM/VTL1) allows an already-authenticated attacker to elevate to higher privileges on affected Windows 10, Windows 11 (through 26H1), and Windows Server 2016-2025 systems. The flaw stems from improper consistency validation of input crossing the trust boundary into the isolated secure kernel (CWE-1288), yielding full confidentiality, integrity, and availability impact on the local host. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +12
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-14781 MEDIUM This Month

Keycloak's OIDC broker incorrectly applies the email_verified claim from the id_token to whichever email address is returned by the userinfo endpoint, even when those two sources disagree. An attacker who controls or compromises an upstream OIDC identity provider can exploit this desynchronization - configured with trustEmail=true - to mark an arbitrary, attacker-chosen email address as verified in Keycloak's database. The practical consequence is bypassing email verification workflows or triggering account linkage/takeover in applications that trust the email_verified flag from Keycloak for identity decisions. No public exploit code exists and no CISA KEV listing applies at time of analysis.

Authentication Bypass Red Hat Build Of Keycloak Red Hat Data Grid 8 Red Hat Jboss Enterprise Application Platform Expansion Pack Red Hat Single Sign On 7 +1
NVD VulDB
CVSS 3.1
4.8
EPSS
0.2%
CVE-2026-9689 Maven MEDIUM This Month

HTTP parameter pollution in Keycloak enables authentication bypass against deployments where OAuth/OIDC client applications are configured with permissive redirect URI patterns. An unauthenticated remote attacker who can trick a user into clicking a crafted authorization URL can inject duplicate HTTP parameters into the OAuth flow, causing the client application to prioritize attacker-supplied values over server-authoritative data - potentially hijacking the authentication process or gaining unauthorized resource access. No public exploit has been identified and EPSS (0.08%, 23rd percentile) signals low real-world exploitation probability; however, the authentication bypass impact is meaningful in identity-sensitive deployments.

Authentication Bypass Build Of Keycloak
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2026-31709 HIGH PATCH This Week

Remote unauthenticated attackers can trigger out-of-bounds memory access in the Linux kernel SMB client's DACL parsing code by sending a malicious SMB response with a truncated DACL structure. The vulnerability exists in build_sec_desc() and id_mode_to_cifs_acl() functions which insufficiently validate server-supplied ACL data before rewriting it during chmod/chown operations, allowing ACE traversal beyond validated memory bounds. CVSS 8.8 indicates high severity with network vector requiring user interaction. EPSS score of 0.02% (5th percentile) suggests low observed exploitation probability in the wild, and no active exploitation is confirmed (not in CISA KEV). Vendor patch available targeting Linux kernel 7.0.2 and 7.1-rc1.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2022-50976 HIGH This Week

A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB. [CVSS 7.7 HIGH]

Information Disclosure
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2024-12093 MEDIUM POC This Week

An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-2885 Cargo MEDIUM PATCH This Month

Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.

RCE Tough
NVD GitHub
CVSS 4.0
5.7
EPSS
0.2%
CVE-2024-8305 MEDIUM This Month

prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service MongoDB
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-39515 HIGH This Week

An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-5953 MEDIUM This Month

A denial of service vulnerability was found in the 389-ds-base LDAP server. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
5.7
EPSS
0.6%
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Windows Secure Kernel Mode (SKM/VTL1) allows an already-authenticated attacker to elevate to higher privileges on affected Windows 10, Windows 11 (through 26H1), and Windows Server 2016-2025 systems. The flaw stems from improper consistency validation of input crossing the trust boundary into the isolated secure kernel (CWE-1288), yielding full confidentiality, integrity, and availability impact on the local host. Microsoft has released a patch; there is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Microsoft Information Disclosure Windows 10 Version 1607 +14
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

Keycloak's OIDC broker incorrectly applies the email_verified claim from the id_token to whichever email address is returned by the userinfo endpoint, even when those two sources disagree. An attacker who controls or compromises an upstream OIDC identity provider can exploit this desynchronization - configured with trustEmail=true - to mark an arbitrary, attacker-chosen email address as verified in Keycloak's database. The practical consequence is bypassing email verification workflows or triggering account linkage/takeover in applications that trust the email_verified flag from Keycloak for identity decisions. No public exploit code exists and no CISA KEV listing applies at time of analysis.

Authentication Bypass Red Hat Build Of Keycloak Red Hat Data Grid 8 +3
NVD VulDB
EPSS 0% CVSS 4.2
MEDIUM This Month

HTTP parameter pollution in Keycloak enables authentication bypass against deployments where OAuth/OIDC client applications are configured with permissive redirect URI patterns. An unauthenticated remote attacker who can trick a user into clicking a crafted authorization URL can inject duplicate HTTP parameters into the OAuth flow, causing the client application to prioritize attacker-supplied values over server-authoritative data - potentially hijacking the authentication process or gaining unauthorized resource access. No public exploit has been identified and EPSS (0.08%, 23rd percentile) signals low real-world exploitation probability; however, the authentication bypass impact is meaningful in identity-sensitive deployments.

Authentication Bypass Build Of Keycloak
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote unauthenticated attackers can trigger out-of-bounds memory access in the Linux kernel SMB client's DACL parsing code by sending a malicious SMB response with a truncated DACL structure. The vulnerability exists in build_sec_desc() and id_mode_to_cifs_acl() functions which insufficiently validate server-supplied ACL data before rewriting it during chmod/chown operations, allowing ACE traversal beyond validated memory bounds. CVSS 8.8 indicates high severity with network vector requiring user interaction. EPSS score of 0.02% (5th percentile) suggests low observed exploitation probability in the wild, and no active exploitation is confirmed (not in CISA KEV). Vendor patch available targeting Linux kernel 7.0.2 and 7.1-rc1.

Information Disclosure Linux
NVD VulDB
EPSS 0% CVSS 7.7
HIGH This Week

A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB. [CVSS 7.7 HIGH]

Information Disclosure
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Week

An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.

RCE Tough
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service MongoDB
NVD
EPSS 0% CVSS 8.7
HIGH This Week

An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos +1
NVD
EPSS 1% CVSS 5.7
MEDIUM This Month

A denial of service vulnerability was found in the 389-ds-base LDAP server. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy