Lucene search
K

1171 matches found

Github Security Blog
Github Security Blog
added 2026/03/12 12:30 p.m.7 views

Keycloak vulnerable to authorization bypass via the Admin API

A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization memberships of other users. This information disclosure occurs if the attacker knows the victim'...

3.1CVSS5.8AI score0.00275EPSS
Exploits0References7Affected Software2
Cvelist
Cvelist
added 2026/03/12 10:54 a.m.25 views

CVE-2026-2366 Keycloak: keycloak: information disclosure via authorization bypass in admin api

A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization memberships of other users. This information disclosure occurs if the attacker knows the victim'...

3.1CVSS0.00275EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/12 10:54 a.m.3 views

CVE-2026-2366 Keycloak: keycloak: information disclosure via authorization bypass in admin api

A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization memberships of other users. This information disclosure occurs if the attacker knows the victim'...

3.1CVSS5.8AI score0.00275EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/12 10:54 a.m.3 views

CVE-2026-2366

A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization memberships of other users. This information disclosure occurs if the attacker knows the victim'...

3.1CVSS5.8AI score0.00275EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.5 views

PT-2026-24939

A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization memberships of other users. This information disclosure occurs if the attacker knows the victim'...

3.1CVSS5.8AI score0.00275EPSS
Exploits0References5
NVD
NVD
added 2026/03/11 10:16 p.m.4 views

CVE-2026-32131

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token e.g., project.read, project.grant.read, or project.app.read to retrieve...

7.7CVSS0.00393EPSS
Exploits0References3
Talos Blog
Talos Blog
added 2026/03/11 10:0 a.m.13 views

Agentic AI security: Why you need to know about autonomous agents now

Agentic AI is making headlines worldwide for its potential force-multiplying capabilities, and organizations are understandably intrigued by how it can improve throughput and capabilities. However, as with any technological revolution, unforeseen issues are inevitable, and agentic AI is no...

5.9AI score
Exploits0
Wiz blog
Wiz blog
added 2026/03/06 1:0 p.m.22 views

Introducing Wiz Tenant Manager: Multi-Tenant Management for Federated Organizations

Experience full Wiz security with zero friction, managing multiple tenants in a single console...

5.8AI score
Exploits0
NVD
NVD
added 2026/03/04 10:16 p.m.6 views

CVE-2026-27801

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this bypass ...

6CVSS0.0026EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/04 9:32 p.m.5 views

CVE-2026-27801

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this bypass ...

6CVSS5.9AI score0.0026EPSS
Exploits1References2Affected Software1
The Hacker News
The Hacker News
added 2026/03/04 5:21 p.m.14 views

149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict

Cybersecurity researchers have warned of a surge in retaliatory hacktivist activity following the U.S.-Israel coordinated military campaign against Iran, codenamed Epic Fury and Roaring Lion. "The hacktivist threat in the Middle East is highly lopsided, with two groups, Keymous+ and DieNet, drivi...

5.9AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/03/04 4:4 p.m.20 views

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

In this article 1. Operational overview of Tycoon2FA 2. Mitigation and protection guidance 3. Microsoft Defender detections Following its emergence in August 2023, Tycoon2FA rapidly became one of the most widespread phishing-as-a-service PhaaS platforms, enabling campaigns responsible for tens of...

5.6AI score
Exploits0
OSV
OSV
added 2026/02/25 2:2 a.m.6 views

CVE-2026-25135 OpenEMR's location resource for Group.$export operation returns entire patient/user population contact information

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 have an information disclosure vulnerability that leaks the entire contact information for all users, organizations, and patients in the system to anyone who has the...

4.5CVSS5.5AI score0.00219EPSS
Exploits0References4
Akamai Blog
Akamai Blog
added 2026/02/19 1:0 p.m.5 views

Adapt, Protect, and Extend: How Partners Can Help Orgs Unlock ROI from AI

...

5.4AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/13 5:27 p.m.11 views

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group GTIG described the hacking group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have...

6AI score
Exploits0
Snyk
Snyk
added 2026/02/11 11:11 a.m.2 views

Authorization Bypass Through User-Controlled Key

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the Admin API when the Organizations feature is enabled...

3.1CVSS5.8AI score0.00275EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.10 views

PT-2026-7491

A stack-use-after-return issue exists in the Arduino Core STM32 library prior to version 1.7.0. The pwm start function allocates a TIM HandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the functi...

5.3CVSS5.8AI score0.00179EPSS
Exploits0References7
Akamai Blog
Akamai Blog
added 2026/02/10 2:0 p.m.5 views

Industrialized Ransomware: Confronting the New Reality

Read about the new ransomware reality and what most security strategies get wrong. Learn how to protect your organization in 2026...

5.5AI score
Exploits0
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.9 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the lack of encryption signature verification. Attackers could successfully self-register with unauthorized organizations by modifying the organization...

8.1CVSS5.8AI score0.00453EPSS
Exploits2References5
OSV
OSV
added 2026/02/02 11:16 a.m.5 views

CVE-2024-4147

In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to delete prompts created in other organizations through ID manipulation. The vulnerability stems from the application's failure to validate the ownership of the prompt before deletion, on...

6.5CVSS5.8AI score0.00388EPSS
Exploits1References2
Rows per page
Query Builder