Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
6.5 MEDIUM
CVE-2026-37979 — Keycloak: keycloak: information disclosure via oidc token introspection endpoint audience…

A flaw was found in Keycloak. This access control vulnerability in Keycloak's OpenID Connect (OIDC) token introspection endpoint allows a confidential client to bypass audience restrictions. An attac…

build_of_keycloak | Remote | Authorization
May 19, 2026 Jun 03, 2026
4.9 MEDIUM
CVE-2026-37978 — Keycloak: org.keycloak.services: keycloak: information disclosure via evaluate-scopes adm…

A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID (userId) para…

build_of_keycloak | Remote | Authorization
May 19, 2026 Jun 03, 2026