6 matches found
CVE-2026-16072
A flaw was found in the organization management component of Keycloak. A delegated administrator with permission to manage organizations can create an invitation for a non-existent email address and then retrieve the secret registration link directly through the application programming interface...
CVE-2026-16072
CVE-2026-16072 affects Keycloak’s organization management component. A delegated administrator with org-management permissions can create an invitation for a non-existent email address and then fetch the secret registration link via the API, enabling creation of new user accounts and their additi...
CVE-2026-16072
A flaw was found in the organization management component of Keycloak. A delegated administrator with permission to manage organizations can create an invitation for a non-existent email address and then retrieve the secret registration link directly through the application programming interface...
Frappe Technologies Frappe 输入验证错误漏洞
Frappe Technologies Frappe is a web development framework based on Python and Mariadb, with integrated front-end pages. Frappe Technologies had a vulnerability in input validation for versions prior to 14.99.14 and 15.94.0. This vulnerability stemmed from a specially crafted registration URL that...
twitterId is unrelaible source of link
Lines of code Vulnerability details Impact Registration link cannot be relied upon. After the user is registered, User can easily change there twitterId to something else. The old id can later be acquired by someone else, thus making registration link to incorrect person Proof of Concept 1. User ...
Security Bulletin: IBM API Connect's API Manager is vulnerable to invitation and registration link tampering (CVE-2021-20440)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2021-20440 DESCRIPTION: IBM API Manager does not restrict member registration to the intended recepient. An attacker who is a valid user in the user registry used by API Manager can use a stolen...