CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Chainguard•added 2026/01/28 1:17 a.m.•11 views

CVE-2025-66021 vulnerabilities

Vulnerabilities for packages: keycloak...

8.6CVSS5.9AI score0.00217EPSS

Exploits1

Chainguard•added 2026/01/28 1:17 a.m.•3 views

GHSA-G9GQ-3PFX-2GW2 vulnerabilities

Vulnerabilities for packages: keycloak...

5.9AI score

Snyk•added 2026/01/27 12:34 p.m.•3 views

Incorrect Privilege Assignment

Overview org.keycloak:keycloak-server-spi-private is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the Admin API. An attacker can access sensitive user attributes ...

5.1CVSS5.9AI score0.00364EPSS

Exploits0References2

CNNVD•added 2026/01/27 12:0 a.m.•3 views

Keycloak security vulnerabilities

Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak, which stems from improper control of administrator API permissions. This vulnerability may allow restricted administrators to retrieve sensitive user attributes...

2.7CVSS5.8AI score0.00364EPSS

Exploits0References3

vulnersOsv•added 2026/01/26 9:30 p.m.•1 views

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +155 more potentially affected by CVE-2026-1190 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.5.2)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.2.0, =1.3.0 and more Source cves: CVE-2026-1190 Source advisory: OSV:GHSA-63V5-26VQ-M4VMhttps://vulners.com/osv/OSV:GHSA-63V5-26VQ-M4...

3.1CVSS5.4AI score0.00369EPSS

Github Security Blog•added 2026/01/26 9:30 p.m.•17 views

Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods

A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language SAML setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML...

Exploits0References7Affected Software1

OSV•added 2026/01/26 9:30 p.m.•2 views

GHSA-63V5-26VQ-M4VM Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods

NVD•added 2026/01/26 8:16 p.m.•5 views

Exploits0References7

CVE-2026-1190

3.1CVSS0.00369EPSS

EUVD•added 2026/01/26 7:36 p.m.•6 views

EUVD-2026-4670

Cvelist•added 2026/01/26 7:36 p.m.•17 views

Exploits0References2

CVE-2026-1190 Org.keycloak/keycloak-services: keycloak saml brokering: response delay due to unchecked notonorafter in subjectconfirmationdata

3.1CVSS0.00369EPSS

ATTACKERKB•added 2026/01/26 7:36 p.m.•5 views

CVE-2026-1190

Vulnrichment•added 2026/01/26 7:36 p.m.•4 views

Exploits0References5

CVE-2026-1190 Org.keycloak/keycloak-services: keycloak saml brokering: response delay due to unchecked notonorafter in subjectconfirmationdata

CVE•added 2026/01/26 7:36 p.m.•21 views

CVE-2026-1190

Summary: CVE-2026-1190 affects Keycloak when used as a SAML client; it fails to validate the NotOnOrAfter timestamp in SubjectConfirmationData, allowing an attacker to delay SAML response expiration and potentially extend valid session duration. What’s affected: Keycloak’s SAML brokering function...

Chainguard•added 2026/01/26 7:17 p.m.•5 views

CVE-2025-14559 vulnerabilities

Vulnerabilities for packages: keycloak, keycloak-fips...

6.5CVSS5.8AI score0.00443EPSS

Chainguard•added 2026/01/26 7:17 p.m.•7 views

GHSA-WV3H-X6C4-R867 vulnerabilities

Vulnerabilities for packages: keycloak, keycloak-fips...

5.8AI score