CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

OSV•added 2026/01/08 6:31 a.m.•3 views

GHSA-GV94-WP4H-VV8P Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization

A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters such as tabs as separators and tolerates case variations that deviate from RFC 6750 specifications...

5.3CVSS6.8AI score0.00361EPSS

Exploits0References7

Github Security Blog•added 2026/01/08 6:31 a.m.•9 views

Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization

5.3CVSS6.9AI score0.00361EPSS

Exploits0References7Affected Software1

NVD•added 2026/01/08 4:15 a.m.•3 views

CVE-2026-0707

5.3CVSS0.00361EPSS

Exploits0References5

ATTACKERKB•added 2026/01/08 3:41 a.m.•7 views

CVE-2026-0707

5.3CVSS5.8AI score0.00361EPSS

Exploits0References5

Cvelist•added 2026/01/08 3:41 a.m.•29 views

CVE-2026-0707 Keycloak: keycloak authorization header parsing leading to potential security control bypass

5.3CVSS0.00361EPSS

Exploits0References5

Positive Technologies•added 2026/01/08 12:0 a.m.•5 views

PT-2026-1976

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters, such as tabs, as separators...

5.3CVSS6.6AI score0.00361EPSS

Exploits0References14

Github Security Blog•added 2025/10/10 3:31 p.m.•11 views

Alt Redirect: Potential Authentication Bypass by Spoofing through query-string stripping logic flaw

The Alt Redirect 1.6.3 addon for Statamic fails to consistently strip query string parameters when the "Query String Strip" feature is enabled. Case variations, encoded keys, and duplicates are not removed, allowing attackers to bypass sanitization. This may lead to cache poisoning, parameter...

6.5CVSS6.9AI score0.00209EPSS

Exploits0References6Affected Software1

NVD•added 2025/10/10 2:15 p.m.•4 views

CVE-2025-60868

6.5CVSS0.00209EPSS

Exploits0References2

Positive Technologies•added 2025/10/10 12:0 a.m.•4 views

PT-2025-41562

Name of the Vulnerable Software and Affected Versions Statamic Alt Redirect version 1.6.3 Description The Alt Redirect 1.6.3 addon for Statamic does not consistently remove query string parameters when the "Query String Strip" feature is enabled. Variations in case, encoded keys, and duplicate...

6.5CVSS6.4AI score0.00209EPSS

Exploits0References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by