Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:48 a.m.11 views

CVE-2026-9088

A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied,...

2.7CVSS5AI score0.00348EPSS
Exploits0References3
OSV
OSV
added 2026/01/21 7:16 a.m.2 views

UBUNTU-CVE-2025-14559

A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a...

6.5CVSS5.7AI score0.00443EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/21 6:13 a.m.4 views

CVE-2025-14559 Org.keycloak/keycloak-services: keycloak keycloak-services: business logic flaw allows unauthorized token issuance for disabled users

A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a...

6.5CVSS5.4AI score0.00443EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/21 6:13 a.m.19 views

EUVD-2026-3686

A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a...

6.5CVSS5.4AI score0.00443EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.5 views

PT-2026-3753

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in the keycloak-services component of Keycloak. This issue allows the issuance of access and refresh tokens for disabled users, potentially leading to unauthorized use of...

8.5CVSS5.4AI score0.00443EPSS
Exploits0References19
Rows per page
Query Builder