Lucene search
K

75 matches found

Snyk
Snyk
added 2025/10/29 3:38 p.m.39 views

Unintended Proxy or Intermediary ('Confused Deputy')

Overview fastmcp is a The fast, Pythonic way to build MCP servers and clients. Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' during the authentication with OAuth providers that don't support Dynamic Client Registration DCR. An attacker can...

7.3CVSS7.1AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/17 12:45 p.m.9 views

CVE-2025-9152

An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration DCR endpoint. A malicious user can exploit this flaw to generate access tokens with elevated privileges,...

9.8CVSS7.1AI score0.00679EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/16 3:30 p.m.5 views

EUVD-2025-34755

An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration DCR endpoint. A malicious user can exploit this flaw to generate access tokens with elevated privileges,...

9.8CVSS6.6AI score0.00679EPSS
Exploits0References2
OSV
OSV
added 2025/10/16 1:15 p.m.7 views

CVE-2025-9152

An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration DCR endpoint. A malicious user can exploit this flaw to generate access tokens with elevated privileges,...

9.8CVSS7.1AI score
Exploits0References1
NVD
NVD
added 2025/10/16 1:15 p.m.6 views

CVE-2025-9152

An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration DCR endpoint. A malicious user can exploit this flaw to generate access tokens with elevated privileges,...

9.8CVSS0.00679EPSS
Exploits0References1
CVE
CVE
added 2025/10/16 12:37 p.m.22 views

CVE-2025-9152

CVE-2025-9152 affects WSO2 API Manager (and API Control Plane) via the keymanager-operations Dynamic Client Registration endpoint. The root cause is missing authentication and authorization checks, causing improper privilege management. An attacker could generate access tokens with elevated privi...

9.8CVSS6.7AI score0.00679EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2025/10/16 12:37 p.m.11 views

CVE-2025-9152 Improper Privilege Management in Multiple WSO2 API Manager via keymanager-operations DCR Endpoint

An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration DCR endpoint. A malicious user can exploit this flaw to generate access tokens with elevated privileges,...

9.8CVSS0.00679EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/16 12:37 p.m.4 views

CVE-2025-9152 Improper Privilege Management in Multiple WSO2 API Manager via keymanager-operations DCR Endpoint

An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration DCR endpoint. A malicious user can exploit this flaw to generate access tokens with elevated privileges,...

9.8CVSS6.7AI score0.00679EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/16 12:0 a.m.5 views

PT-2025-42462

Name of the Vulnerable Software and Affected Versions WSO2 API Manager affected versions not specified Description A flaw exists due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration DCR endpoint. This can allow a malicious user to generat...

9.8CVSS6.4AI score0.00679EPSS
Exploits0References12
CNNVD
CNNVD
added 2025/10/16 12:0 a.m.5 views

WSO2 API Manager和WSO2 API Control Plane 安全漏洞

WSO2 API Manager and WSO2 API Control Plane are products of WSO2, Inc. WSO2 API Manager is an API lifecycle management solution and WSO2 API Control Plane is a control panel. A security vulnerability exists in WSO2 API Manager and WSO2 API Control Plane that stems from a lack of authentication an...

9.8CVSS6.9AI score0.00679EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.19 views

EUVD-2021-0993

Malware in sbrugna...

9.1CVSS9.1AI score0.01494EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-1087

Malicious code in bioql PyPI...

5.4CVSS5.4AI score0.01075EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2025/07/18 12:0 a.m.9 views

OAuth Dynamic Client Registration Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible OAuth Dynamic Client Registration endpoint on the target application. OAuth Dynamic Client Registration allows clients to register dynamically with an authorization server and is very common in...

7.2AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/07/18 12:0 a.m.7 views

OAuth Dynamic Client Registration Permissive Metadata Field

OAuth Dynamic Client Registration allows for various metadata fields such as 'clientname', 'websiteuri' during the registration process. When the OAuth server accepts permissive values for such fields, such as ones starting with javascript://, an attacker could exploit this to perform Cross-Site...

6.2AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:39 p.m.6 views

CVE-2021-26715

The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery SSRF vulnerability. The vulnerability arises due to unsafe usage of the logouri parameter in the Dynamic Client Registration request. An unauthenticated attacker can make a HTTP reque...

9.1CVSS7.2AI score0.01494EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/04/25 3:58 p.m.47 views

CVE-2023-6544 Keycloak: authorization bypass

A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic...

5.4CVSS5.4AI score0.01075EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2024/04/25 3:58 p.m.24 views

CVE-2023-6544 Keycloak: authorization bypass

A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic...

5.4CVSS6.2AI score0.01075EPSS
Exploits0References9
CVE
CVE
added 2024/04/25 3:58 p.m.413 views

CVE-2023-6544

CVE-2023-6544 affects Keycloak via a permissive regular expression used for filtering that governs Dynamic Client Registration and TrustedDomain. The root cause is a hardcoded regex that allows hosts to register a dynamic client, enabling a malicious user with environment knowledge to compromise ...

5.4CVSS5.8AI score0.01075EPSS
Exploits0References9
Veracode
Veracode
added 2024/04/18 10:19 a.m.30 views

Authorization Bypass

keycloak is vulnerable to Authorization Bypass. The vulnerability is due to a hardcoded permissive regular expression which is used to filtering allowed hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with specific...

5.4CVSS5.8AI score0.01075EPSS
Exploits0References12Affected Software1
OSV
OSV
added 2024/04/17 5:33 p.m.5 views

GHSA-46C8-635V-68R2 Keycloak Authorization Bypass vulnerability

Due to a permissive regular expression hardcoded for filtering allowed hosts to register a dynamic client, a malicious user with enough information about the environment could benefit and jeopardize an environment with this specific Dynamic Client Registration with TrustedDomain configuration...

5.4CVSS5.9AI score0.01075EPSS
Exploits0References12
Rows per page
Query Builder