Where
-Infinity
0

Trending

Last week
Last month
Last year

Keycloak KeycloakOrg.keycloak.protocol.oidc.grants: org.keycloak.services.managers: keycloak: server-side request forgery via oidc token endpoint manipulation

Risk 13
Severity
3.1
EPSS
0.02%
First published (updated )
CVE-2026-4874

Keycloak KeycloakKeycloak-services: blind server-side request forgery (ssrf) via http redirect handling in keycloak

Risk 21
Severity
5.8
EPSS
0.03%
First published (updated )
CVE-2026-4366

redhat JBoss Enterprise Application PlatformUndertow: undertow: request smuggling via malformed http request headers

Risk 66
Severity
9.1
First published (updated )
CVE-2026-28369

redhat JBoss Enterprise Application PlatformUndertow: undertow: request smuggling via inconsistent header parsing

Risk 66
Severity
9.1
First published (updated )
CVE-2026-28368

redhat JBoss Enterprise Application PlatformUndertow: undertow: request smuggling via `\r\r\r` as a header block terminator

Risk 66
Severity
9.1
First published (updated )
CVE-2026-28367
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

redhat Enterprise LinuxUndertow: undertow: denial of service due to premature multipart/form-data parsing in get requests

Risk 43
Severity
7.5
First published (updated )
CVE-2026-3260

maven/org.keycloak/keycloak-servicesKeycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission

Risk 66
Severity
7.2
First published (updated )
CVE-2026-3121

redhat Build Of KeycloakOrg.keycloak/keycloak-services: improper enforcement of disabled identity provider in identitybrokerservice (authentication bypass)

Risk 43
Severity
8.1
EPSS
0.06%
First published (updated )
CVE-2026-3009

redhat JBoss Enterprise Application PlatformUndertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf

Risk 76
Severity
9.6
First published (updated )
CVE-2025-12543

redhat JBoss Enterprise Application PlatformUndertow: undertow madeyoureset http/2 ddos vulnerability

Risk 31
Severity
7.5
EPSS
0.61%
First published (updated )
CVE-2025-9784
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

redhat JBoss Enterprise Application PlatformInfinispan: credential leakage in infinispan cli

Risk 26
Severity
6.2
EPSS
0.01%
First published (updated )
CVE-2025-5731

maven/org.wildfly.core:wildfly-elytron-integrationOrg.wildfly.core:wildfly-elytron-integration: wildfly elytron brute force attack via cli

Risk 80
Severity
9.8
First published (updated )
CVE-2025-23368

maven/org.wildfly.core:wildfly-serverOrg.wildfly.core:wildfly-server: wildfly improper rbac permission

Risk 27
Severity
6.5
EPSS
0.04%
First published (updated )
CVE-2025-23367

redhat Build Of KeycloakWildfly: wildfly vulnerable to cross-site scripting (xss)

Risk 54
Severity
7.3
First published (updated )
CVE-2024-10234

maven/io.undertow:undertow-coreUndertow: improper state management in proxy protocol parsing causes information leakage

Risk 32
Severity
7.5
EPSS
0.10%
First published (updated )
CVE-2024-7885
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

maven/io.undertow:undertow-coreUndertow: out-of-memory error after several closed connections with wildfly-http-client protocol

Risk 46
Severity
7.5
First published (updated )
CVE-2024-1635

redhat JBoss Enterprise Application PlatformJberet: jberet-core logging database credentials

Risk 40
Severity
6.5
First published (updated )
CVE-2024-1102

Fortinet FortiSIEMOpenSSH Terrapin attack (CVE-2023-48795)

Risk 37
Severity
6
First published (updated )
CVE-2023-48795

Apache Tomcat- Rapid Reset HTTP/2 vulnerability

Risk 65
Severity
7.5
Exploited
Zeroday
First published (updated )
CVE-2023-44487

redhat JBoss Enterprise Application PlatformUndertow: ajp request closes connection exceeding maxrequestsize

Risk 31
Severity
7.5
EPSS
0.13%
First published (updated )
CVE-2023-5379
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

redhat JBoss Enterprise Application PlatformWildfly-core: management user rbac permission allows unexpected reading of system-properties to an unauthorized actor

Risk 40
Severity
6.5
First published (updated )
CVE-2023-4061

maven/org.infinispan:infinispan-server-restInfinispan: non-admins should not be able to get cache config via rest api

Risk 40
Severity
6.5
First published (updated )
CVE-2023-3629

maven/org.infinispan:infinispan-server-restInfispan: rest bulk ops don't check permissions

Risk 40
Severity
6.5
First published (updated )
CVE-2023-3628

redhat JBoss Enterprise Application PlatformEap-7: heap exhaustion via deserialization

Risk 45
Severity
7.5
First published (updated )
CVE-2023-3171

redhat OpenShift Container PlatformUndertow: outofmemoryerror due to @multipartconfig handling

Risk 46
Severity
7.5
First published (updated )
CVE-2023-3223
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

redhat/eap7-undertowUndertow: infinite loop in sslconduit during close

Risk 46
Severity
7.5
First published (updated )
CVE-2023-1108

redhat/rh-sso7-keycloakA flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserT…

Risk 45
Severity
7.5
First published (updated )
CVE-2022-0853

redhat/log4jDeserialization of untrusted data in JMSAppender in Apache Log4j 1.2

Risk 79
Severity
8.1
First published (updated )
CVE-2021-4104

redhat/eap7-wildflyThere was a vulnerability found in wildfly, where incorrect JBOSS_LOCAL_USER challenge location whe…

Risk 71
Severity
7.8
First published (updated )
CVE-2021-3717

redhat/eap7-wildfly-elytronA flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled…

Risk 33
Severity
5.3
First published (updated )
CVE-2021-3642
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203