FastMCP security vulnerability
FastMCP is MCP server-building software developed by Jeremiah Lowin. Versions of FastMCP prior to 2.14.2 contained security vulnerabilities. These vulnerabilities stemmed from servers failing to properly handle resource parameters submitted by clients during authorization and token requests. As...
Security Updates for Microsoft SQL Server (January 2026)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability CVE-2026-20803. An authenticated attacker who successfully exploited this vulnerability could gain elevated privileges on the SQL Server...
EUVD-2022-6482
Malicious code in bioql PyPI...
CVE-2024-55225
CVE-2024-55225 affects Vaultwarden prior to v1.32.5. The issue resides in the component src/api/identity.rs and allows attackers to impersonate users (including Administrators) via a crafted authorization request. Public details indicate a user-impersonation vulnerability with high impact (CVE ha...
PT-2025-3103 (Vaultwarden)
Name of the Vulnerable Software and Affected Versions: Vaultwarden versions prior to 1.32.5 Description: An issue in the component src/api/identity.rs of Vaultwarden allows attackers to impersonate users, including Administrators, via a crafted authorization request. This issue enables attackers ...
VulnCheck KEV: CVE-2016-4977
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL, which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type...
GHSA-69FP-7C8P-CRJR Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)
A flaw was found in Keycloak in the OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a request_uri authorization request. This could lead to an information...
Low: Red Hat Security Advisory: Red Hat build of Keycloak 24.0.5 Images enhancement and security update
New images are available for Red Hat build of Keycloak 24.0.5 and Red Hat build of Keycloak 24.0.5 Operator, running on OpenShift Container Platform. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which give...
keycloak: exposure of sensitive information in Pushed Authorization Requests (PAR) KC_RESTART cookie
A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a request_uri authorization request, possibly leading to an information...
Low: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.9 security update
A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Low; the package name is 'rh-sso7-keycloak'. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Low: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.9 security update on RHEL 7
New Red Hat Single Sign-On 7.6.9 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low; the package name is 'rh-sso7-keycloak'. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
GHSA-4VRX-8PHJ-X3MG Duplicate Advisory: Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-69fp-7c8p-crjr. This link is maintained to preserve external references. Original Description: A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to...
CVE-2024-4540 Keycloak: exposure of sensitive information in Pushed Authorization Requests (PAR) KC_RESTART cookie
A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a request_uri authorization request, possibly leading to an information...
CVE-2024-4540
A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a request_uri authorization request, possibly leading to an information...