4265 matches found
CVE-2026-9800 Keycloak-policy-enforcer: keycloak policy enforcer: authorization bypass via incorrect uri comparison
A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access (UMA) permission checks. By including the configured access-denied page path within a request URL, either as a path...
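The "incorrect URI comparison" named in this entry belongs to a general bug class: an enforcer exempts one configured page (the access-denied page) from authorization so it can be shown to a refused user, and then recognises that page too loosely, so any request that merely contains its path inherits the exemption. The Python model below is an added illustration of that class, not Keycloak's code; the ACCESS_DENIED_PATH value, the POLICY table and all function names are constructed for the example. It places a substring match beside an exact match on the canonical path and runs both against requests that carry the exempt path in a query string, as a trailing segment, or ahead of a ".." segment.

```python
"""Model of an access-denied-page exemption in a policy enforcer.

Illustrative only (not Keycloak's code). ACCESS_DENIED_PATH and the
small POLICY table are constructed for this example.
"""
import posixpath
import re
from urllib.parse import unquote

# Assumed value of the "configured access-denied page path".
ACCESS_DENIED_PATH = "/access-denied"

# Constructed policy table: protected path prefix -> roles that may enter.
POLICY = {
    "/admin": {"admin"},
    "/reports": {"admin", "analyst"},
}


def matches_denied_page_weak(request_uri: str) -> bool:
    """Flawed check: the exemption fires whenever the configured path
    appears anywhere in the request URL (query string, trailing segment,
    or a segment later cancelled by '..')."""
    return ACCESS_DENIED_PATH in request_uri


def canonical_path(request_uri: str) -> str:
    """Reduce a request URI to a canonical path before comparing it:
    drop query and fragment, percent-decode, collapse repeated slashes,
    and resolve '.' and '..' segments."""
    path = request_uri.split("#", 1)[0].split("?", 1)[0]
    path = unquote(path) or "/"
    path = re.sub(r"/{2,}", "/", path)
    return posixpath.normpath(path)


def matches_denied_page_strict(request_uri: str) -> bool:
    """Hardened check: exact equality on the canonical path only."""
    return canonical_path(request_uri) == ACCESS_DENIED_PATH


def enforce(request_uri: str, user_roles: set, denied_page_matcher) -> str:
    """Return 'ALLOW' or 'DENY' for an authenticated user.

    The access-denied page itself is exempt from authorization so a refused
    user can be shown it; every other path is checked against POLICY, and
    unmapped paths are denied by default."""
    if denied_page_matcher(request_uri):
        return "ALLOW"  # exemption: render the denied page
    path = canonical_path(request_uri)
    for prefix, roles in POLICY.items():
        if path == prefix or path.startswith(prefix + "/"):
            return "ALLOW" if user_roles & roles else "DENY"
    return "DENY"


if __name__ == "__main__":
    probes = [
        "/access-denied",
        "/admin/reports?next=/access-denied",
        "/admin/reports/access-denied",
        "/access-denied/../admin/reports",
    ]
    for uri in probes:
        print(f"{uri:40} weak={enforce(uri, {'user'}, matches_denied_page_weak)} "
              f"strict={enforce(uri, {'user'}, matches_denied_page_strict)}")
```

The strict matcher still lets the genuine denied page through, so the exemption keeps working; what changes is that a protected path cannot borrow it. Canonicalising before the comparison matters as much as the equality test itself: without the ".." resolution, an exact match on the raw path would still let "/access-denied/../admin/reports" reach the exemption check with a different string than the one the application eventually serves.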
EUVD-2026-39471
A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access (UMA) permission checks. By including the configured access-denied page path within a request URL, either as a path...
CVE-2026-9799
A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access (UMA) permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...
CVE-2026-9705
A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token (RAT), could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...
CVE-2026-9099
A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 (FGAPv2) is enabled, an attacker wi...
CVE-2026-9086
A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with manage-client permission or access to client registration endpoints, could bypass client Uniform Resource Identifier (URI) validation. This is achieved by registering a malicious client with a...
CVE-2026-54517 vulnerabilities
Vulnerabilities for packages: apache-tika, spark, nacos-docker, nextflow, cassandra, scala, pinot, keycloak-fips, solr, kafka-fips, keycloak, confluent-kafka, apache-camel-karavan-devmode, apache-activemq-fips, logstash-fips, neo4j, nuxeo, druid, logstash, spark-kubernetes-operator,...
GHSA-RCQC-6CW3-H962 vulnerabilities
Vulnerabilities for packages: apache-tika, spark, nacos-docker, nextflow, cassandra, scala, pinot, keycloak-fips, solr, kafka-fips, keycloak, confluent-kafka, apache-camel-karavan-devmode, apache-activemq-fips, logstash-fips, neo4j, nuxeo, druid, logstash, spark-kubernetes-operator,...
GHSA-9FXM-VC8V-HJ55 vulnerabilities
Vulnerabilities for packages: apache-tika, spark, nacos-docker, nextflow, cassandra, scala, pinot, keycloak-fips, solr, kafka-fips, keycloak, confluent-kafka, apache-camel-karavan-devmode, apache-activemq-fips, logstash-fips, neo4j, nuxeo, druid, logstash, spark-kubernetes-operator,...
CVE-2026-54513 vulnerabilities
Vulnerabilities for packages: confluent-common-docker, spark, apache-pulsar, pinot, keycloak, confluent-kafka, logstash-fips, nuxeo, apache-hop, elasticsearch-fips, flyway-fips, airbyte-server, infinispan, wavefront-proxy, kafka-bridge, ruby4.0-jrjackson, apache-tomee, hadoop-client-modules,...
CVE-2026-54512 vulnerabilities
Vulnerabilities for packages: confluent-common-docker, spark, apache-pulsar, pinot, keycloak, confluent-kafka, logstash-fips, nuxeo, apache-hop, elasticsearch-fips, flyway-fips, airbyte-server, infinispan, wavefront-proxy, kafka-bridge, ruby4.0-jrjackson, apache-tomee, hadoop-client-modules,...
CVE-2026-54514 vulnerabilities
Vulnerabilities for packages: confluent-common-docker, spark, apache-pulsar, pinot, keycloak, confluent-kafka, logstash-fips, nuxeo, apache-hop, elasticsearch-fips, flyway-fips, airbyte-server, infinispan, wavefront-proxy, kafka-bridge, ruby4.0-jrjackson, apache-tomee, hadoop-client-modules,...
GHSA-5HH8-Q8HV-FR38 vulnerabilities
Vulnerabilities for packages: apache-tika, spark, nacos-docker, nextflow, cassandra, scala, pinot, keycloak-fips, solr, kafka-fips, keycloak, confluent-kafka, apache-camel-karavan-devmode, apache-activemq-fips, logstash-fips, neo4j, nuxeo, druid, logstash, spark-kubernetes-operator,...
GHSA-J3RV-43J4-C7QM vulnerabilities
Vulnerabilities for packages: confluent-common-docker, spark, apache-pulsar, pinot, keycloak, confluent-kafka, logstash-fips, nuxeo, apache-hop, elasticsearch-fips, flyway-fips, airbyte-server, infinispan, wavefront-proxy, kafka-bridge, ruby4.0-jrjackson, apache-tomee, hadoop-client-modules,...
GHSA-HGJ6-7826-R7M5 vulnerabilities
Vulnerabilities for packages: confluent-common-docker, spark, apache-pulsar, pinot, keycloak, confluent-kafka, logstash-fips, nuxeo, apache-hop, elasticsearch-fips, flyway-fips, airbyte-server, infinispan, wavefront-proxy, kafka-bridge, ruby4.0-jrjackson, apache-tomee, hadoop-client-modules,...
CVE-2026-54516 vulnerabilities
Vulnerabilities for packages: apache-tika, spark, nacos-docker, nextflow, cassandra, scala, pinot, keycloak-fips, solr, kafka-fips, keycloak, confluent-kafka, apache-camel-karavan-devmode, apache-activemq-fips, logstash-fips, neo4j, nuxeo, druid, logstash, spark-kubernetes-operator,...
CVE-2026-54518 vulnerabilities
Vulnerabilities for packages: apache-tika, spark, nacos-docker, nextflow, cassandra, scala, pinot, keycloak-fips, solr, kafka-fips, keycloak, confluent-kafka, apache-camel-karavan-devmode, apache-activemq-fips, logstash-fips, neo4j, nuxeo, druid, logstash, spark-kubernetes-operator,...
GHSA-RMJ7-2VXQ-3G9F vulnerabilities
Vulnerabilities for packages: confluent-common-docker, spark, apache-pulsar, pinot, keycloak, confluent-kafka, logstash-fips, nuxeo, apache-hop, elasticsearch-fips, flyway-fips, airbyte-server, infinispan, wavefront-proxy, kafka-bridge, ruby4.0-jrjackson, apache-tomee, hadoop-client-modules,...