CVSS: 9.4 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2026-24042 – Appsmith public apps can execute unpublished actions (viewMode confusion)
https://notcve.org/view.php?id=CVE-2026-24042
22 Jan 2026 — An attack can result in sensitive data exposure, execution of edit-mode queries and APIs, development data access, and the ability to trigger side effect behavior. • https://github.com/appsmithorg/appsmith/security/advisories/GHSA-j9qq-4fj9-9883 • CWE-862: Missing Authorization
CVSS: 5.3 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2026-23990 – Flux Operator Web UI Impersonation Bypass via Empty OIDC Claims
https://notcve.org/view.php?id=CVE-2026-23990
21 Jan 2026 — This can result in privilege escalation, data exposure, and/or information disclosure. • https://github.com/controlplaneio-fluxcd/flux-operator/commit/084540424f6de8ba5d88fb1fd1e8472ba29afd7e • CWE-269: Improper Privilege Management • CWE-862: Missing Authorization
CVSS: 8.8 • EPSS: % • CPEs: 2 • EXPL: 0 • CVE-2025-14083 – Keycloak-server: keycloak: improper access control in admin rest api leads to information disclosure
https://notcve.org/view.php?id=CVE-2025-14083
21 Jan 2026 — A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control. • https://access.redhat.com/security/cve/CVE-2025-14083 • CWE-284: Improper Access Control
CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-33231
https://notcve.org/view.php?id=CVE-2025-33231
20 Jan 2026 — A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service and information disclosure. • https://nvd.nist.gov/vuln/detail/CVE-2025-33231 • CWE-427: Uncontrolled Search Path Element
CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-33230
https://notcve.org/view.php?id=CVE-2025-33230
20 Jan 2026 — A successful exploit of this vulnerability might lead to escalation of privileges, code execution, data tampering, denial of service, and information disclosure. • https://nvd.nist.gov/vuln/detail/CVE-2025-33230 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-33229
https://notcve.org/view.php?id=CVE-2025-33229
20 Jan 2026 — A successful exploit of this vulnerability may lead to escalation of privileges, code execution, data tampering, denial of service, and information disclosure. • https://nvd.nist.gov/vuln/detail/CVE-2025-33229 • CWE-427: Uncontrolled Search Path Element
CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-33228
https://notcve.org/view.php?id=CVE-2025-33228
20 Jan 2026 — A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. • https://nvd.nist.gov/vuln/detail/CVE-2025-33228 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2025-33233
https://notcve.org/view.php?id=CVE-2025-33233
20 Jan 2026 — A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-33233 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVSS: 5.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2026-1180 – Org.keycloak.protocol.oidc: blind server-side request forgery (ssrf) in keycloak oidc dynamic client registration via jwks_uri
https://notcve.org/view.php?id=CVE-2026-1180
20 Jan 2026 — As a result, attackers can probe internal services and cloud metadata endpoints, creating an information disclosure and reconnaissance risk. • https://access.redhat.com/security/cve/CVE-2026-1180 • CWE-918: Server-Side Request Forgery (SSRF)
CVSS: 3.1 • EPSS: 0% • CPEs: - • EXPL: 1 • CVE-2026-1197 – MineAdmin downloadById information disclosure
https://notcve.org/view.php?id=CVE-2026-1197
20 Jan 2026 — Performing a manipulation of the argument ID results in information disclosure. • https://github.com/SourByte05/MineAdmin-Vulnerability/issues/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-284: Improper Access Control
