diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index e2bd8727d1c4..f202dc01a5e7 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,148 +1,178 @@
+  <vuln vid="7d7a28cd-7f5a-450a-852f-c49aaab3fa7e">
+    <topic>keycloak -- Multiple security fixes</topic>
+    <affects>
+      <package>
+        <name>keycloak</name>
+        <range><lt>26.0.8</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+        <p>Keycloak reports:</p>
+        <blockquote cite="https://www.keycloak.org/2024/11/keycloak-2606-released.html">
+          <p>This update includes 2 security fixes:</p>
+          <ul>
+            <li>CVE-2024-11734: Unrestricted admin use of system and environment variables</li>
+            <li>CVE-2024-11736: Denial of Service in Keycloak Server via Security Headers</li>
+          </ul>
+        </blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2024-11734</cvename>
+      <cvename>CVE-2024-11736</cvename>
+    </references>
+    <dates>
+      <discovery>2025-01-13</discovery>
+      <entry>2025-01-13</entry>
+     </dates>
+  </vuln>
+
   <vuln vid="7624c151-d116-11ef-b232-b42e991fc52e">
     <topic>asterisk - path traversal</topic>
     <affects>
       <package>
 	<name>asterisk18</name>
 	<range><lt>18.26.20</lt></range>
       </package>
       <package>
 	<name>asterisk20</name>
 	<range><lt>20.11.0</lt></range>
       </package>
     </affects>
     <description>
 	<body xmlns="http://www.w3.org/1999/xhtml">
 	<p>cve@mitre.org reports:</p>
 	<blockquote cite="https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616">
 	  <p>An issue in the action_listcategories() function of Sangoma Asterisk
 	v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to
 	execute a path traversal.</p>
 	</blockquote>
 	</body>
     </description>
     <references>
       <cvename>CVE-2024-53566</cvename>
       <url>https://nvd.nist.gov/vuln/detail/CVE-2024-53566</url>
     </references>
     <dates>
       <discovery>2024-12-02</discovery>
       <entry>2025-01-12</entry>
     </dates>
   </vuln>
 
   <vuln vid="4d79fd1a-cc93-11ef-abed-08002784c58d">
     <topic>redis,valkey -- Denial-of-service valnerability due to malformed ACL selectors</topic>
     <affects>
       <package>
 	<name>redis</name>
 	<range><ge>7.0.0</ge><lt>7.4.2</lt></range>
       </package>
       <package>
 	<name>redis72</name>
 	<range><lt>7.2.7</lt></range>
       </package>
       <package>
 	<name>valkey</name>
 	<range><lt>8.0.2</lt></range>
       </package>
     </affects>
     <description>
 	<body xmlns="http://www.w3.org/1999/xhtml">
 	<p>Redis core team reports:</p>
 	<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9">
 	  <p>
 	    An authenticated with sufficient privileges may create a
 	    malformed ACL selector which, when accessed, triggers a
 	    server panic and subsequent denial of service.The problem
 	    exists in Redis 7.0.0 or newer.
 	  </p>
 	</blockquote>
 	</body>
     </description>
     <references>
       <cvename>CVE-2024-51741</cvename>
       <url>https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9</url>
     </references>
     <dates>
       <discovery>2025-01-06</discovery>
       <entry>2025-01-10</entry>
     </dates>
   </vuln>
 
   <vuln vid="5f19ac58-cc90-11ef-abed-08002784c58d">
     <topic>redis,valkey -- Remote code execution valnerability</topic>
     <affects>
       <package>
 	<name>redis</name>
 	<range><lt>7.4.2</lt></range>
       </package>
       <package>
 	<name>redis72</name>
 	<range><lt>7.2.7</lt></range>
       </package>
       <package>
 	<name>redis62</name>
 	<range><lt>6.2.17</lt></range>
       </package>
       <package>
 	<name>valkey</name>
 	<range><lt>8.0.2</lt></range>
       </package>
     </affects>
     <description>
 	<body xmlns="http://www.w3.org/1999/xhtml">
 	<p>Redis core team reports:</p>
 	<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c">
 	  <p>
 	    An authenticated user may use a specially crafted Lua
 	    script to manipulate the garbage collector and potentially
 	    lead to remote code execution. The problem exists in all
 	    versions of Redis with Lua scripting.
 	  </p>
 	</blockquote>
 	</body>
     </description>
     <references>
       <cvename>CVE-2024-46981</cvename>
       <url>https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c</url>
     </references>
     <dates>
       <discovery>2025-01-06</discovery>
       <entry>2025-01-10</entry>
     </dates>
   </vuln>
 
   <vuln vid="2bfde261-cdf2-11ef-b6b2-2cf05da270f3">
     <topic>Gitlab -- Vulnerabilities</topic>
     <affects>
       <package>
 	<name>gitlab-ce</name>
 	<name>gitlab-ee</name>
 	<range><ge>17.7.0</ge><lt>17.7.1</lt></range>
 	<range><ge>17.6.0</ge><lt>17.6.3</lt></range>
 	<range><ge>11.0.0</ge><lt>17.5.5</lt></range>
       </package>
     </affects>
     <description>
 	<body xmlns="http://www.w3.org/1999/xhtml">
 	<p>Gitlab reports:</p>
 	<blockquote cite="https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/">
 	  <p>Possible access token exposure in GitLab logs</p>
 	  <p>Cyclic reference of epics leads resource exhaustion</p>
 	  <p>Unauthorized user can manipulate status of issues in public projects</p>
 	  <p>Instance SAML does not respect external_provider configuration</p>
 	</blockquote>
 	</body>
     </description>
     <references>
       <cvename>CVE-2025-0194</cvename>
       <cvename>CVE-2024-6324</cvename>
       <cvename>CVE-2024-12431</cvename>
       <cvename>CVE-2024-13041</cvename>
       <url>https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/</url>
     </references>
     <dates>
       <discovery>2025-01-08</discovery>
       <entry>2025-01-08</entry>
     </dates>
   </vuln>