
9 matches found

CNNVD
added 2026/05/20 12:0 a.m., 8 views

Keycloak security vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability that stems from cross-session verification proofs, which rely solely on local user IDs and IdP aliases without binding actual verified upstream identities. This...

CVSS 6.4, AI score 5.8, EPSS 0.00264
Exploits 0, References 2
EUVD
added 2026/02/24 8:51 a.m., 6 views

EUVD-2024-17272

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP), there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...

CVSS 7.7, AI score 5.3, EPSS 0.00261
Exploits 0, References 1
EUVD
added 2025/10/23 9:31 p.m., 5 views

EUVD-2025-35719

The Frontier Airlines website has a publicly available endpoint that validates if an email address is associated with an account. An unauthenticated, remote attacker could determine valid email addresses, possibly aiding in further attacks...

CVSS 6.9, AI score 6.5, EPSS 0.00303
Exploits 0, References 3
Vulnrichment
added 2025/10/23 7:31 p.m., 5 views

CVE-2025-62236 Frontier Airlines publicly available email address validation

The Frontier Airlines website has a publicly available endpoint that validates if an email address is associated with an account. An unauthenticated, remote attacker could determine valid email addresses, possibly aiding in further attacks...

CVSS 6.9, AI score 6.7, EPSS 0.00303
Exploits 0, References 2
Cvelist
added 2025/10/23 7:31 p.m., 7 views

CVE-2025-62236 Frontier Airlines publicly available email address validation

The Frontier Airlines website has a publicly available endpoint that validates if an email address is associated with an account. An unauthenticated, remote attacker could determine valid email addresses, possibly aiding in further attacks...

CVSS 6.9, EPSS 0.00303
Exploits 0, References 2
CVE
added 2025/10/23 7:31 p.m., 13 views

CVE-2025-62236

The CVE-2025-62236 entry concerns the Frontier Airlines website: a publicly accessible endpoint that validates whether an email address is linked to an account. The vulnerability stems from an unauthenticated, remote check that can reveal valid email addresses, potentially enabling targeted follow-on...

CVSS 6.9, AI score 6.7, EPSS 0.00303
Exploits 0, References 2, Affected Software 1
CNVD
added 2020/06/22 12:0 a.m., 3 views

Unspecified Vulnerability in Mattermost Plugins

Mattermost is a private cloud messaging solution provider. A security vulnerability in Mattermost Plugins can be exploited by an attacker to attach their Mattermost account to another user's GitHub account...

CVSS 7.5, AI score 6.9, EPSS 0.00872
Exploits 0, References 1
HackerOne
added 2019/08/15 12:14 a.m., 18 views

GitLab: Stealing data from customers.gitlab.com without user interaction

Summary: An attacker can link her own customers.gitlab.com account to the one of the victim, and this gives access to 3 different vulnerabilities: - destroying subscriptions of the victim - buying new subscriptions using the victim's credit card for its own groups - some minor information disclosure abo...

AI score 0.6
Exploits 0
CNVD
added 2017/03/21 12:0 a.m., 1 views

My NJ Client APP has parallel override access vulnerability

My Nanjing Client APP is a city-level public service mobile application that integrates all kinds of living information in Nanjing. My Nanjing Client APP has a parallel override access vulnerability, allowing an attacker to access all the real-name registered user and enterprise information and...

AI score 6.6
Exploits 0