4149 matches found
CVE-2026-3872 Keycloak: keycloak: information disclosure due to redirect_uri validation bypass
A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...
CVE-2026-4282
A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to forge authorization codes. Successful exploitation can lead to the creation of admin-capable access tokens,...
CVE-2026-3872
A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...
CVE-2026-3872
CVE-2026-3872 involves Keycloak and describes a flaw where an attacker controlling another path on the same web server can bypass the allowed path in redirect URIs that use a wildcard. This bypass can lead to information disclosure by theft of an access token. The connected documents confirm the ...
PT-2026-29729
Name of the Vulnerable Software and Affected Versions: Keycloak, affected versions not specified. Description: A flaw exists in Keycloak where the SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This allows an unauthenticated attacker to forge authorizati...
Keycloak security vulnerability
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the lack of proper type and namespace isolation in SingleUseObjectProvider. This vulnerability could allow unauthenticated attackers to forge authorization...
Keycloak security vulnerability
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability that stems from the use of wildcarded redirect URI paths, which may allow attackers to steal access tokens, leading to information leaks...
Keycloak security vulnerability
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability that stems from the lack of proper type and namespace isolation in SingleUseObjectProvider. This vulnerability could allow attackers to delete single-use entries, thereb...
Keycloak security vulnerability
Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability arises from authenticated users with the UMA protection role being able to bypass UMA policy verification. This could allow attackers to include...
PT-2026-29731
A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect (OIDC) token endpoint. This leads to high resource consumption and prolonged processing times, ultimate...
PT-2026-29728
A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...
Keycloak security vulnerability
Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability that stems from sending a specially crafted POST request with an excessively long scope parameter to the OIDC token endpoint. This can lead to excessive resource...
PT-2026-29730
A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...
CLEANSTART-2026-TA42758 Security fixes for ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-4cx2-fc23-5wg6, ghsa-9342-92gg-6v29, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v applied in versions: 26.1.4-r1
Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-32287 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-kms, amazon-cloudwatch-agent, crossplane-provider-azure-sql, crossplane-provider-aws-cloudformation, crossplane-provider-aws-dynamodb, crossplane-provider-aws-kinesis, crossplane-provider-aws-firehose, crossplane-provider-aws-s3,...
GHSA-65XW-VW82-R86X vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-kms, amazon-cloudwatch-agent, crossplane-provider-azure-sql, crossplane-provider-aws-cloudformation, crossplane-provider-aws-dynamodb, crossplane-provider-aws-kinesis, crossplane-provider-aws-firehose, crossplane-provider-aws-s3,...
CVE-2026-33871 vulnerabilities
Vulnerabilities for packages: kserve-modelmesh, akhq, trino, management-api-for-apache-cassandra-5.0, strimzi-kafka-operator, flyway, thingsboard, keycloak, apache-pulsar, druid, spark, wavefront-proxy, wildfly, opensearch, apicurio-registry, zipkin, infinispan...
GHSA-W9FJ-CFPG-GRVV vulnerabilities
Vulnerabilities for packages: kserve-modelmesh, akhq, trino, management-api-for-apache-cassandra-5.0, strimzi-kafka-operator, flyway, thingsboard, keycloak, apache-pulsar, druid, spark, wavefront-proxy, wildfly, opensearch, apicurio-registry, zipkin, infinispan...
GHSA-W9FJ-CFPG-GRVV vulnerabilities
Vulnerabilities for packages: hono, seata, spark-fips, keycloak, pinot, akhq, knative-kafka-broker-fips, flyway-fips, kayenta, thingsboard, camunda-zeebe, opensearch, opensearch-fips, spark, elasticsearch-fips, infinispan, kafka-bridge-fips, kafbat-ui-fips, kserve-modelmesh, strimzi-kafka-operato...