Lucene search
K

14 matches found

EUVD
EUVD
added 2026/05/08 10:35 p.m.11 views

EUVD-2026-28857

Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...

5.1CVSS5.7AI score0.00239EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/03 9:56 p.m.3 views

CVE-2026-33175 OAuthenticator: Authentication Bypass in Auth0OAuthenticator via Unverified Email Claims

OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. Prior to version 17.4.0, an authentication bypass vulnerability in oauthenticator allows an attacker with an unverified email address on an Auth0 tenant to login to JupyterHub. When email i...

8.8CVSS5.8AI score0.00438EPSS
Exploits0References3
CVE
CVE
added 2026/03/05 6:28 p.m.27 views

CVE-2026-3047

A flaw in Keycloak’s SAML broker (org.keycloak.broker.saml) allows a disabled SAML client, when configured as an IdP-initiated broker landing target, to complete the login flow and establish an SSO session. This can let a remote attacker access other enabled clients without re-authenticating, eff...

8.8CVSS5.9AI score0.00469EPSS
Exploits0References7Affected Software2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-2058

Malicious code in bioql PyPI...

8.1CVSS7.9AI score0.00405EPSS
Exploits0References5
OSV
OSV
added 2025/09/15 12:31 p.m.3 views

GHSA-69J8-PRX2-VX98 Mattermost Open Redirect vulnerability

Mattermost versions 10.10.x = 10.10.1, 10.5.x = 10.5.9, 10.9.x = 10.9.4 fail to validate the redirectto parameter, allowing an attacker to craft a malicious link that, once a user authenticates with their SAML provider, could post the user’s cookies to an attacker-controlled URL...

7.6CVSS6.8AI score0.00161EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/07/28 4:43 p.m.4 views

keycloak: Phishing attack via email verification step in first login flow

A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider IdP login, the attacker will subsequently be prompted to "review profile" information. This vulnerability allows the attacker to modify their email...

7.1CVSS5.7AI score0.00226EPSS
Exploits0References6
Snyk
Snyk
added 2025/07/10 3:31 p.m.4 views

Origin Validation Error

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Origin Validation Error via the review profile process. An attacker can gain unauthorized access to another...

7.1CVSS7AI score0.00226EPSS
Exploits0References2
Snyk
Snyk
added 2025/07/10 3:31 p.m.5 views

Origin Validation Error

Overview org.keycloak:keycloak-server-spi-private is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Origin Validation Error via the review profile process. An attacker can gain unauthorized access to...

7.1CVSS7AI score0.00226EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/10 2:20 p.m.14 views

CVE-2025-7365 Keycloak: phishing attack via email verification step in first login flow

A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider IdP login, the attacker will subsequently be prompted to "review profile" information. This vulnerability allows the attacker to modify their email...

7.1CVSS0.00226EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/07/10 2:20 p.m.4 views

CVE-2025-7365 Keycloak: phishing attack via email verification step in first login flow

A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider IdP login, the attacker will subsequently be prompted to "review profile" information. This vulnerability allows the attacker to modify their email...

7.1CVSS6.8AI score0.00226EPSS
Exploits0References8
CVE
CVE
added 2025/07/10 2:20 p.m.52 views

CVE-2025-7365

Keycloak vulnerability CVE-2025-7365 involves an IdP login flow where an authenticated attacker merging accounts can alter their email to match a victim’s, triggering a verification email to the victim. If the victim clicks the verification link, the attacker could gain access to the victim’s acc...

7.1CVSS6.2AI score0.00226EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2025/07/10 12:0 a.m.7 views

PT-2025-29098

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw exists in Keycloak that allows an authenticated attacker to potentially gain access to a victim's account. During an identity provider IdP login, if an attacker attempts to merge...

7.1CVSS6.1AI score0.00226EPSS
Exploits0References20
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.6 views

Keycloak 访问控制错误漏洞

Keycloak is an open source identity and access management solution from Keycloak Open Source. Keycloak suffers from an access control error vulnerability that stems from a flaw in the account merge function during identity provider login, which could allow an attacker to gain access to a victim's...

7.1CVSS4.2AI score0.00226EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2022/07/26 3:54 p.m.6 views

grafana: OAuth account takeover

A flaw was found in Grafana. This flaw allows a malicious user with the authorization to log into a Grafana instance via a configured OAuth IdP to take over an existing Grafana account under certain conditions...

7.5CVSS7.3AI score0.02039EPSS
Exploits0References5
Rows per page
Query Builder