4149 matches found

CNNVD
added 2026/05/19 12:00 a.m., 6 views

Keycloak security vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability that stems from remote, unauthenticated attackers being able to send specially crafted XML inputs to SAML endpoints. This vulnerability can lead to high CPU usage and wo...

CVSS 7.5, AI score 5.8, EPSS 0.00727
Exploits 0, References 2
CNNVD
added 2026/05/19 12:00 a.m., 5 views

Keycloak security vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability, which stems from the improper application of the OIDC bypass feature in the domain-level notBefore policy. This vulnerability may cause revoked tokens to remain...

CVSS 5.4, AI score 5.8, EPSS 0.0025
Exploits 0, References 2
CNNVD
added 2026/05/19 12:00 a.m., 8 views

Keycloak security vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability, which stems from the server’s processAction function not verifying the new credential parameters. This could lead to the creation of non-compliant credentials by...

CVSS 4.3, AI score 5.8, EPSS 0.00349
Exploits 0, References 2
CNNVD
added 2026/05/19 12:00 a.m., 7 views

Keycloak security vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability, which stems from low-privilege administrators with the view-clients role being able to exploit the evaluate-scopes management API endpoint by passing arbitrary...

CVSS 4.9, AI score 5.9, EPSS 0.00398
Exploits 0, References 2
CNNVD
added 2026/05/19 12:00 a.m., 5 views

Keycloak access control error vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability related to access control. This vulnerability stems from an access control flaw within the OpenID Connect token, allowing confidential clients to bypass audience...

CVSS 6.5, AI score 5.8, EPSS 0.00366
Exploits 0, References 2
CNNVD
added 2026/05/19 12:00 a.m., 7 views

Keycloak input validation error vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a vulnerability related to input validation. This vulnerability stems from differences in the URL validation logic during redirection operations, which may allow attackers to bypass...

CVSS 8.1, AI score 5.8, EPSS 0.00488
Exploits 0, References 2
CNNVD
added 2026/05/19 12:00 a.m., 6 views

Keycloak security vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability stems from an insecure direct object reference issue in the authorization service’s protected API endpoints. It allows authenticated clients ...

CVSS 6.8, AI score 5.8, EPSS 0.00303
Exploits 0, References 1
CNNVD
added 2026/05/19 12:00 a.m., 6 views

Keycloak security vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from a session fixation issue in the login endpoint. This vulnerability could allow unauthenticated attackers to intercept the authentication process,...

CVSS 7.5, AI score 5.8, EPSS 0.00409
Exploits 0, References 2
CNNVD
added 2026/05/19 12:00 a.m., 9 views

Keycloak security vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the possibility for low-privilege users to bypass security controls and disable the implicit flow of OIDC clients, potentially leading to the leakage o...

CVSS 7.1, AI score 5.8, EPSS 0.00344
Exploits 0, References 2
Positive Technologies
added 2026/05/19 12:00 a.m., 8 views

PT-2026-41833

Name of the Vulnerable Software and Affected Versions: Keycloak, affected versions not specified. Description: An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. The issue exists because the server-side processAction...

CVSS 4.3, AI score 5.2, EPSS 0.00349
Exploits 0, References 14
Positive Technologies
added 2026/05/19 12:00 a.m., 8 views

PT-2026-41841

Name of the Vulnerable Software and Affected Versions: Keycloak, affected versions not specified. Description: A flaw in the OpenID Connect (OIDC) Introspection feature occurs when both realm-level and client-level notBefore revocation policies are configured. In this scenario, the system fails to...

CVSS 5.4, AI score 5.5, EPSS 0.0025
Exploits 0, References 14
Positive Technologies
added 2026/05/19 12:00 a.m., 10 views

PT-2026-41879

Name of the Vulnerable Software and Affected Versions: Keycloak, affected versions not specified. Description: A flaw in the URL validation logic during redirect operations allows an attacker to bypass validation and redirect users to unauthorized URLs. This occurs when Keycloak clients are configure...

CVSS 8.1, AI score 5.8, EPSS 0.00488
Exploits 0, References 8
Positive Technologies
added 2026/05/19 12:00 a.m., 11 views

PT-2026-41872

Name of the Vulnerable Software and Affected Versions: Keycloak, affected versions not specified. Description: A flaw in the WebAuthn (Web Authentication) flow allows a remote attacker to replay ExecuteActionsActionToken tokens. By intercepting an execute-actions email link, an attacker can register...

CVSS 6.8, AI score 5.8, EPSS 0.0044
Exploits 0, References 6
Positive Technologies
added 2026/05/19 12:00 a.m., 5 views

PT-2026-41880

A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint—which...

CVSS 7.5, AI score 5.8, EPSS 0.00409
Exploits 0, References 3
Positive Technologies
added 2026/05/19 12:00 a.m., 7 views

PT-2026-41871

Name of the Vulnerable Software and Affected Versions: Keycloak, affected versions not specified. Description: A broken access control issue exists in the Account Resources user lookup endpoint. A remote authenticated user who owns at least one User-Managed Access (UMA) resource can enumerate and harve...

CVSS 4.3, AI score 6, EPSS 0.0037
Exploits 0, References 6
Positive Technologies
added 2026/05/19 12:00 a.m., 7 views

PT-2026-41870

Name of the Vulnerable Software and Affected Versions: Keycloak, affected versions not specified. Description: An access control flaw exists in the OpenID Connect (OIDC) token introspection endpoint. This issue allows a confidential client with valid credentials to bypass audience restrictions and...

CVSS 6.5, AI score 5.8, EPSS 0.00366
Exploits 0, References 6
Positive Technologies
added 2026/05/19 12:00 a.m., 7 views

PT-2026-41881

Name of the Vulnerable Software and Affected Versions: Keycloak, affected versions not specified. Description: A security control intended to disable the implicit flow in OpenID Connect (OIDC) clients can be bypassed. A low-privilege user with knowledge of user credentials and client ID can manipulate...

CVSS 7.1, AI score 5.8, EPSS 0.00344
Exploits 0, References 6
Positive Technologies
added 2026/05/19 12:00 a.m., 7 views

PT-2026-41878

Name of the Vulnerable Software and Affected Versions: Keycloak, affected versions not specified. Description: A flaw in the Security Assertion Markup Language (SAML) endpoint allows a remote, unauthenticated attacker to send specially crafted XML input. This improper input validation can cause high CP...

CVSS 7.8, AI score 5.4, EPSS 0.00727
Exploits 0, References 18
CNNVD
added 2026/05/19 12:00 a.m., 9 views

Keycloak security vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability, which stems from an authentication flaw in the WebAuthn process. This flaw allows remote attackers to reissue the ExecuteActionsActionToken token, enabling them ...

CVSS 6.8, AI score 5.8, EPSS 0.0044
Exploits 0, References 2
CNNVD
added 2026/05/19 12:00 a.m., 9 views

Keycloak security vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability stems from an access control flaw in the Account Resources user lookup endpoint. It allows remote authenticated users who have at least one...

CVSS 4.3, AI score 6, EPSS 0.0037
Exploits 0, References 2