Lucene search
K

12 matches found

vulnersOsv
vulnersOsv
added 2026/05/19 12:31 p.m.5 views

com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak (=24.3.0.0), com.github.wnameless.spring.boot.up:spring-boot-up-keycloak-plugin (=24.3.0.0) +74 more potentially affected by CVE-2026-7307 via org.keycloak:keycloak-saml-core (>=1.2.0.CR1 <=26.6.1)

org.keycloak:keycloak-saml-core MAVEN version =1.2.0.CR1, =2.5.6-24.0, =1.0.0-25.0, =0.1.0, =2.1, =8.1, =2.1, =26.3.0, =26.1.0, =26.4.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.6.0 and more Source cves: CVE-2026-7307https://vulners.com/cve/CVE-20...

7.5CVSS5.4AI score0.00743EPSS
Exploits0
Snyk
Snyk
added 2026/05/19 10:42 a.m.13 views

Improper Validation of Syntactic Correctness of Input

Overview org.keycloak:keycloak-saml-core is an Identity and Access Management plugin for Keycloak. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the SAMLParser and SAML11ParserUtil code paths that handle SAML 1.1 assertions and protoc...

8.7CVSS5.9AI score0.00743EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/18 6:31 a.m.9 views

org.keycloak:keycloak-saml-adapter-galleon-pack (>=21.1.0 <=26.5.3), org.keycloak:keycloak-saml-jakarta-servlet-filter-adapter (>=21.1.0 <=22.0.4) +31 more potentially affected by CVE-2026-2575 via org.keycloak:keycloak-saml-adapter-core (>=1.6.0.Final <=26.5.3)

org.keycloak:keycloak-saml-adapter-core MAVEN version =1.6.0.Final, =21.1.0, =21.1.0, =1.6.0.Final, =1.6.0.Final, =1.6.0.Final, =1.6.0.Final, =1.6.0.Final, =1.6.0.Final, =20.0.0, =20.0.0, =1.6.0.Final, =20.0.0, =1.6.0.Final, =20.0.0, =1.6.0.Final, =1.9.8.Final and more Source cves: CVE-2026-2575...

5.3CVSS5.4AI score0.00502EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/18 6:31 a.m.6 views

com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak (=24.3.0.0), com.github.wnameless.spring.boot.up:spring-boot-up-keycloak-plugin (=24.3.0.0) +71 more potentially affected by CVE-2026-2575 via org.keycloak:keycloak-saml-core (>=1.2.0.CR1 <=26.5.3)

org.keycloak:keycloak-saml-core MAVEN version =1.2.0.CR1, =2.5.6-24.0, =1.0.0-25.0, =0.1.0, =2.1, =8.1, =2.1, =26.3.0, =26.1.0, =26.4.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.5.3 and more Source cves: CVE-2026-2575https://vulners.com/cve/CVE-20...

5.3CVSS5.4AI score0.00502EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/05 6:28 p.m.7 views

CVE-2026-3047

A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language SAML client is configured as an Identity Provider IdP-initiated broker landing target, it can still complete the login process and establish a Single Sign-On SSO session. This allows a remote attacker...

8.8CVSS5.9AI score0.00469EPSS
Exploits0References7
Snyk
Snyk
added 2026/02/16 8:8 a.m.4 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview org.keycloak:keycloak-saml-core is an Identity and Access Management plugin for Keycloak. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the SAMLRequest DEFLATE decompression. An attacker can cause service disruption...

8.7CVSS6AI score0.00502EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/16 8:8 a.m.6 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the SAMLRequest DEFLATE decompression. An attacker can cause service disruption by sending a highly compressed requests that trigger excessive resource consumption durin...

8.7CVSS6AI score0.00502EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-0650

Malware in sbrugna...

8.1CVSS8AI score0.00714EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-5865

Malicious code in bioql PyPI...

5.5CVSS5.8AI score0.00352EPSS
Exploits0References8
OSV
OSV
added 2024/09/09 9:31 p.m.2 views

GHSA-J76J-RQWJ-JMVV Duplicate Advisory: Keycloak Session Fixation vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5rxp-2rhr-qwqv. This link is maintained to preserve external references. Original Description A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cook...

7.5CVSS6.1AI score0.008EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2024/09/09 12:0 a.m.4 views

PT-2024-38275 · Red Hat · Keycloak Saml Adapters +1

Name of the Vulnerable Software and Affected Versions: Keycloak SAML adapters affected versions not specified Description: A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the...

7.5CVSS6.5AI score0.008EPSS
Exploits0References28
Veracode
Veracode
added 2019/01/15 9:19 a.m.52 views

Information Disclosure

keycloak-saml-core is vulnerable to sensitive information disclosure. The attack exists because SAML messages are being parsed by replacing the string to obtain the attribute values with the system property in StaxParserUtil class. Therefore, attacker can just parse the chosen system property nam...

6.5CVSS6.1AI score0.02457EPSS
Exploits0References22Affected Software250
Rows per page
Query Builder