
18 matches found

Cvelist
added 5 days ago, 30 views

CVE-2026-14209 Keycloak-admin-ui: keycloak-admin-ui: keycloak: admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an administrator who should only be able to search for users but not view their full details can use a...

CVSS 4.3, EPSS 0.00173
Exploits 0, References 2
EUVD
added 5 days ago, 6 views

EUVD-2026-40299

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an administrator who should only be able to search for users but not view their full details can use a...

CVSS 4.3, AI score 5.7, EPSS 0.00173
Exploits 0, References 2
vulnersOsv
added 2026/04/22 6:30 a.m., 7 views

be.jidoka:jdk-keycloak-admin (=2.5.0), br.com.consultdg:database-module (>=1.0.1 <=1.0.10) +1147 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=6.4.0 <=6.4.13)

org.springframework.security:spring-security-core MAVEN version =6.4.0, =1.0.1, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.5 and more Source cves: CVE-2026-22746 Source advisory: OSV:GHSA-VXF7-QJ7Q-83FH...

CVSS 3.7, AI score 5.4, EPSS 0.00215
Exploits 0
RedHat Linux
added 2026/04/02 1:54 p.m., 8 views

keycloak-server: Keycloak: Improper Access Control in Admin REST API leads to information disclosure

A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control...

CVSS 2.7, AI score 5.8, EPSS 0.0032
Exploits 0, References 4
vulnersOsv
added 2026/03/12 12:30 p.m., 8 views

@backingman/keycloak (=0.0.0-alpha), @backstage-community/plugin-catalog-backend-module-keycloak (>=3.1.1 <=3.17.2) +86 more potentially affected by CVE-2026-2366 via @keycloak/keycloak-admin-client (>=15.1.0 <=26.5.5)

@keycloak/keycloak-admin-client NPM version =15.1.0, =3.1.1, =0.1.1, =0.1.1, =0.1.1, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =2.0.2 and more Source cves: CVE-2026-2366 Source advisory: OSV:GHSA-R8JR-WG88-FQ5C...

CVSS 3.1, AI score 5.8, EPSS 0.00275
Exploits 0
NVD
added 2026/02/02 6:16 a.m., 10 views

CVE-2025-13881

A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings...

CVSS 2.7, EPSS 0.00364
Exploits 0, References 4
Cvelist
added 2026/02/02 5:43 a.m., 23 views

CVE-2025-13881 Org.keycloak.services.resources.admin: keycloak: limited administrator can retrieve sensitive user attributes via admin api

A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings...

CVSS 2.7, EPSS 0.00364
Exploits 0, References 4
Positive Technologies
added 2026/01/30 12:00 a.m., 6 views

PT-2026-5499

Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw exists in the Keycloak Admin API that allows an administrator with limited privileges to retrieve sensitive custom attributes. This is achieved through the /unmanagedAttributes API...

CVSS 2.7, AI score 5.3, EPSS 0.00364
Exploits 0, References 15
OSV
added 2026/01/21 3:31 p.m., 5 views

GHSA-594W-2FWP-JWRC Keycloak Admin REST API exposes backend schema and rules

A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control...

CVSS 2.7, AI score 5.8, EPSS 0.0032
Exploits 0, References 7
ATTACKERKB
added 2026/01/21 12:04 p.m., 4 views

CVE-2025-14083

A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control...

CVSS 2.7, AI score 5.3, EPSS 0.0032
Exploits 0, References 5
NVD
added 2025/12/10 9:15 a.m., 6 views

CVE-2025-14082

A flaw was found in the Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/realm/roles endpoint...

CVSS 2.7, EPSS 0.0032
Exploits 0, References 4
Cvelist
added 2025/10/28 3:08 a.m., 8 views

CVE-2025-10939 Org.keycloak/keycloak-quarkus-server: unable to restrict access to the admin console

A flaw was found in Keycloak. The Keycloak guides recommend not exposing the /admin path to the outside when the installation is behind a proxy. The issue occurs at least via ha-proxy, which can be tricked into using relative/non-normalized paths to access the /admin application path relative to...

CVSS 3.7, EPSS 0.00386
Exploits 0, References 6
vulnersOsv
added 2025/10/17 5:39 p.m., 4 views

com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak (=24.3.0.0), com.github.wnameless.spring.boot.up:spring-boot-up-keycloak-plugin (=24.3.0.0) +29 more potentially affected by CVE-2025-10044 via org.keycloak:keycloak-admin-ui (>=1.0-alpha-1-12062013 <=26.2.5)

org.keycloak:keycloak-admin-ui MAVEN version =1.0-alpha-1-12062013, =2.5.6-24.0, =0.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.2.0, =26.2.0, =26.1.0, =26.1.0, =26.2.5 and m...

CVSS 4.3, AI score 5.3, EPSS 0.00291
Exploits 0
vulnersOsv
added 2025/03/20 6:31 a.m., 7 views

be.jidoka:jdk-keycloak-admin (=2.0.0), br.com.devires.framework.boot:devires-framework-boot-audit (=1.1.0) +1079 more potentially affected by CVE-2025-22228 via org.springframework.security:spring-security-crypto (>=6.0.0 <=6.0.1)

org.springframework.security:spring-security-crypto MAVEN version =6.0.0, =1.1.0, =1.1.0, =0.12.0, =0.12.0, =0.12.0, =0.13.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.1.0, =3.0.2.3 and more Source cves: CVE-2025-22228 Source advisory:...

CVSS 7.4, AI score 7.3, EPSS 0.00568
Exploits 0
vulnersOsv
added 2024/11/25 7:40 p.m., 3 views

be.jidoka:jdk-keycloak-admin (>=2.0.0 <=2.4.0), ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0) +679 more potentially affected by CVE-2024-10039 via org.keycloak:keycloak-core (>=1.0-alpha-1 <=26.0.5)

org.keycloak:keycloak-core MAVEN version =1.0-alpha-1, =2.0.0, =0.1.0, =0.0.1, =1.5.1, =1.5.1, =1.6.2, =1.6.2, =1.5.2, =1.5.2, =1.7.2, =1.7.2, =1.0.22, =1.0.22, =1.4.3, =1.4.3, =1.6.5 and more Source cves: CVE-2024-10039 Source advisory: OSV:GHSA-93WW-43RR-79V3...

AI score 5.7, EPSS 0.00101
Exploits 0
vulnersOsv
added 2023/07/18 7:12 p.m., 6 views

be.jidoka:jdk-keycloak-admin (>=2.0.0 <=2.2.0), cn.sparrowmini:sparrow-keycloak-adapter (>=0.0.1 <=0.0.2) +474 more potentially affected by CVE-2023-0105 via org.keycloak:keycloak-core (>=1.0-alpha-1 <=22.0.0)

org.keycloak:keycloak-core MAVEN version =1.0-alpha-1, =2.0.0, =0.0.1, =1.5.1, =1.5.1, =1.6.2, =1.6.2, =1.5.2, =1.5.2, =1.7.2, =1.7.2, =1.0.22, =1.0.22, =1.4.3, =1.4.3, =1.2.9, =1.5.0 and more Source cves: CVE-2023-0105 Source advisory: OSV:GHSA-C7XW-P58W-H6FJ...

CVSS 6.5, AI score 6.5, EPSS 0.007
Exploits 0
ATTACKERKB
added 2022/09/01 9:15 p.m., 2 views

CVE-2022-2256

A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality...

CVSS 3.8, AI score 5.9, EPSS 0.00572
Exploits 0, References 3
vulnersOsv
added 2022/05/20 12:00 a.m., 6 views

africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-codes-api (>=1.0.0 <=1.2.0) +1533 more potentially affected by CVE-2022-22978 via org.springframework.security:spring-security-core (>=5.5.0 <=5.5.6)

org.springframework.security:spring-security-core MAVEN version =5.5.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.13.0, =1.13.0, =2.2.0 - be.jidoka:jdk-keycloak-admin =1.2.0 and more Source cves: CVE-2022-22978 Source advisory:...

CVSS 9.8, AI score 6.7, EPSS 0.10037
Exploits 6