7 matches found

EUVD
added yesterday, 23 views

EUVD-2026-12688

Keycloak: Unauthorized access via improper validation of encrypted SAML assertions...

7.7 CVSS, 5.8 AI score, 0.00241 EPSS
Exploits: 0, References: 11

Github Security Blog
added 2026/03/18 3:32 a.m., 21 views

Duplicate Advisory: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-794g-x443-36f7. This link is maintained to preserve external references. Original Description: A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly...

7.7 CVSS, 5.9 AI score, 0.00241 EPSS
Exploits: 0, References: 10, Affected Software: 3

CVE
added 2026/03/18 1:14 a.m., 45 views

CVE-2026-2092

Keycloak SAML broker endpoint vulnerability: encrypted SAML assertions are not properly validated when the overall SAML response is unsigned. An attacker with a valid signed SAML assertion can craft a malicious SAML response to inject an encrypted assertion for an arbitrary principal, leading to ...

7.7 CVSS, 5.8 AI score, 0.00241 EPSS
Exploits: 0, References: 7

RedhatCVE
added 2025/12/11 8:53 p.m., 4 views

CVE-2020-36892

Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf endpoint to elevate privileges and take over user accounts by manipulating ro...

9.8 CVSS, 7.2 AI score, 0.00918 EPSS
Exploits: 1, References: 1

Positive Technologies
added 2025/12/10 12:0 a.m., 7 views

PT-2025-50515

Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized objects to the /messagebroker/amf endpoint to create administrative...

9.3 CVSS, 7.2 AI score, 0.00696 EPSS
Exploits: 1, References: 6

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-0810

Malware in sbrugna...

8.1 CVSS, 6.6 AI score, 0.00814 EPSS
Exploits: 0, References: 7

RedHat Linux
added 2018/11/13 6:15 p.m., 2 views

keycloak: expiration not validated in SAML broker consumer endpoint

The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final ignores expiration conditions on SAML assertions. An attacker can exploit this vulnerability to perform a replay attack...

8.1 CVSS, 5.8 AI score, 0.00814 EPSS
Exploits: 0, References: 4