6.5
CVE-2026-24900 - MarkUs has a submission-view IDOR that exposes all student submissions
MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses/<:course_id>/assignments/<:assignment_id>/submissions/html_content accepted a select_file_id parameter to serve SubmissionFile objects containing a record of files submitted by students. T…
7.5
CVE-2026-25231 - FileRise affected by an Unauthenticated File Read Due to Insufficient Access Control
FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be accessed directly by any user who knows or ca…
4.6
CVE-2026-25230 - FileRise affected by HTML Injection using color property in file tags
FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on active interaction. This vulnerability is fixe…
6.7
CVE-2026-24777 - OpenProject has Improper Access Control on User Management allows user managers to lock admin accou…
OpenProject is an open-source, web-based project management software. Prior to 17.0.2, users with the Manage Users permission can lock and unlock users. This functionality should only be possible for users of the application, but they were not supposed to be able to lock application administrators. …
5.4
CVE-2025-14778 - Keycloak: incorrect ownership checks in /uma-policy/
A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService (UMA Protection API). When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifies the caller's ownership against the first …
8.7
CVE-2026-24684 - FreeRDP has a Heap-use-after-free in play_thread
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. This vulnerability is fixed in 3.22.0.
8.8
CVE-2026-1486 - Org.keycloak.protocol.oidc.grants: disabled identity providers are still accepted for jwt authoriza…
A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider (IdP) is enabled before issuing tokens. The issuer lookup mechanism (lookupIdentityProviderFromIssuer) retrieves the IdP configuration but does not filte…
8.7
CVE-2026-24683 - FreeRDP has a heap-use-after-free in ainput_send_input_event
FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Prior to 3.22.0, this vulner…
8.7
CVE-2026-24682 - FreeRDP has a Heap-buffer-overflow in audio_formats_free
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audio_formats_free. This vulnerability is fixed in 3.22.0.
8.1
CVE-2026-1529 - Org.keycloak.services.resources.organizations: keycloak: unauthorized organization registration via…
A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token (JWT) payload. This lack of cryptographic signature verification allows the attacker to successfully self-register into an…