21 matches found

RedHat Linux
added 2026/06/10 5:38 p.m.

keycloak: Keycloak: Security restriction bypass allows unauthorized ROPC token acquisition

A flaw was found in Keycloak's Client Policies, specifically within the org.keycloak.protocol.oidc component. When certain condition providers (client-type, client-roles, client-attributes, client-scopes) are used to enforce security restrictions, the reject-ropc-grant executor is silently bypassed...

CVSS 6.5 | AI score 5.5 | EPSS 0.00262
Exploits 0 | References 4
NVD
added 2026/05/28 5:16 a.m.

CVE-2026-9792

A flaw was found in Keycloak's Client Policies, specifically within the org.keycloak.protocol.oidc component. When certain condition providers (client-type, client-roles, client-attributes, client-scopes) are used to enforce security restrictions, the reject-ropc-grant executor is silently bypassed...

CVSS 6.5 | EPSS 0.00262
Exploits 0 | References 4
Vulnrichment
added 2026/05/28 3:44 a.m.

CVE-2026-9792 Keycloak: keycloak: security restriction bypass allows unauthorized ropc token acquisition

A flaw was found in Keycloak's Client Policies, specifically within the org.keycloak.protocol.oidc component. When certain condition providers (client-type, client-roles, client-attributes, client-scopes) are used to enforce security restrictions, the reject-ropc-grant executor is silently bypassed...

CVSS 6.5 | AI score 5.8 | EPSS 0.00262
Exploits 0 | References 4
Cvelist
added 2026/05/28 3:44 a.m.

CVE-2026-9792 Keycloak: keycloak: security restriction bypass allows unauthorized ropc token acquisition

A flaw was found in Keycloak's Client Policies, specifically within the org.keycloak.protocol.oidc component. When certain condition providers (client-type, client-roles, client-attributes, client-scopes) are used to enforce security restrictions, the reject-ropc-grant executor is silently bypassed...

CVSS 6.5 | EPSS 0.00262
Exploits 0 | References 4
CVE
added 2026/05/28 3:44 a.m.

CVE-2026-9792

CVE-2026-9792 – Keycloak Client Policies bypass of ROPC block : A flaw in Keycloak’s Client Policies (org.keycloak.protocol.oidc) allows an unauthenticated attacker to obtain tokens via ROPC grants even when a policy blocks them. The issue occurs when certain condition providers (client-type, cli...

CVSS 6.5 | AI score 5.8 | EPSS 0.00262
Exploits 0 | References 4 | Affected software 1
RedhatCVE
added 2026/05/28 3:44 a.m.

CVE-2026-9792

A flaw was found in Keycloak's Client Policies, specifically within the org.keycloak.protocol.oidc component. When certain condition providers (client-type, client-roles, client-attributes, client-scopes) are used to enforce security restrictions, the reject-ropc-grant executor is silently bypassed...

CVSS 6.5 | AI score 5.7 | EPSS 0.00262
Exploits 0 | References 3
Snyk
added 2026/05/28 3:10 a.m.

Improper Handling of Insufficient Permissions or Privileges

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges in the org.keycloak.protocol.oidc component when...

CVSS 6.9 | AI score 5.4 | EPSS 0.00262
Exploits 0 | References 2
Positive Technologies
added 2026/05/28 12:00 a.m.

PT-2026-44183

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in the org.keycloak.protocol.oidc component of Keycloak's Client Policies. When specific condition providers—client-type, client-roles, client-attributes, or client-scopes—are...

CVSS 6.5 | AI score 5.1 | EPSS 0.00262
Exploits 0 | References 7
CNNVD
added 2026/05/28 12:00 a.m.

Keycloak security vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability that stems from the org.keycloak.protocol.oidc component. When certain conditions are met, the reject-ropc-grant executor is silently bypassed, allowing unauthenticated...

CVSS 6.5 | AI score 5.8 | EPSS 0.00262
Exploits 0 | References 2
RedhatCVE
added 2026/02/27 10:14 a.m.

CVE-2026-1693

The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the web services used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in versions 12.0.0 through 16.3.3 inclusive, despite being deprecated. It might allow a remote attacker to steal user...

CVSS 7.5 | AI score 6 | EPSS 0.00314
Exploits 0 | References 1
EUVD
added 2026/02/26 9:30 a.m.

EUVD-2026-8837

The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the web services used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in versions 12.0.0 through 16.3.3 inclusive, despite being deprecated. It might allow a remote attacker to steal user...

CVSS 5.3 | AI score 5.5 | EPSS 0.00314
Exploits 0 | References 2
OSV
added 2026/02/26 8:16 a.m.

CVE-2026-1693

The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the web services used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in versions 12.0.0 through 16.3.3 inclusive, despite being deprecated. It might allow a remote attacker to steal user...

CVSS 7.5 | AI score 5.9 | EPSS 0.00314
Exploits 0 | References 1
NVD
added 2026/02/26 8:16 a.m.

CVE-2026-1693

The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the web services used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in versions 12.0.0 through 16.3.3 inclusive, despite being deprecated. It might allow a remote attacker to steal user...

CVSS 7.5 | EPSS 0.00314
Exploits 0 | References 1
Cvelist
added 2026/02/26 7:56 a.m.

CVE-2026-1693 Use of vulnerable Resource Owner Password Credentials flow

The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the web services used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in versions 12.0.0 through 16.3.3 inclusive, despite being deprecated. It might allow a remote attacker to steal user...

CVSS 5.3 | EPSS 0.00314
Exploits 0 | References 1
ATTACKERKB
added 2026/02/26 7:56 a.m.

CVE-2026-1693

The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the web services used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in versions 12.0.0 through 16.3.3 inclusive, despite being deprecated. It might allow a remote attacker to steal user...

CVSS 7.5 | AI score 5.5 | EPSS 0.00314
Exploits 0 | References 2 | Affected software 1
CVE
added 2026/02/26 7:56 a.m.

CVE-2026-1693

PcVue versions 12.0.0–16.3.3 expose a vulnerability where the WebVue, WebScheduler, TouchVue, and SnapVue web services continue to use the OAuth Resource Owner Password Credentials (ROPC) flow, a deprecated grant type. This could allow a remote attacker to steal user credentials. Concretely, the ...

CVSS 7.5 | AI score 5.5 | EPSS 0.00314
Exploits 0 | References 1 | Affected software 1
Positive Technologies
added 2026/02/26 12:00 a.m.

PT-2026-22125

Name of the Vulnerable Software and Affected Versions PcVue versions 12.0.0 through 16.3.3 Description The OAuth grant type Resource Owner Password Credentials ROPC flow is still utilized by the web services supporting the WebVue, WebScheduler, TouchVue, and Snapvue features. This practice, despi...

CVSS 7.5 | AI score 5.8 | EPSS 0.00314
Exploits 0 | References 6
EUVD
added 2025/10/03 8:07 p.m.

EUVD-2022-34575

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 4.7 | EPSS 0.00624
Exploits 0 | References 4
Tenable Nessus
added 2025/08/27 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2022-2303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15....

CVSS 4.3 | AI score 5 | EPSS 0.00624
Exploits 0 | References 2
RedhatCVE
added 2025/05/23 1:08 a.m.

CVE-2022-2303

An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Passwo...

CVSS 4.3 | AI score 6.5 | EPSS 0.00624
Exploits 0 | References 1
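Every entry in this list comes down to one observable condition: a token endpoint that executes grant_type=password for a client or user that a control (a Keycloak reject-ropc-grant client policy, a per-client "Direct Access Grants" switch, or GitLab's group-level 2FA enforcement) was supposed to block. The check below is an added example written for this page; it is not code from Keycloak, GitLab or PcVue. It builds the standard RFC 6749 section 4.3 password-grant request, classifies the reply as a standard token response or a standard OAuth error, and lets a transport be injected so it can be exercised offline. The hostname, realm, client IDs, credentials and sample replies are all constructed; the `unauthorized_client` / "Client not allowed for direct access grants" wording used for the locked-down sample is an assumption about Keycloak's exact error text and is only illustrative.

```python
"""Probe an OAuth 2.0 / OIDC token endpoint for the Resource Owner Password
Credentials (ROPC, grant_type=password) flow and classify the answer.

Added example for the ROPC entries on this page (Keycloak CVE-2026-9792,
GitLab CVE-2022-2303, PcVue CVE-2026-1693). Not code from any of those
projects. All names, endpoints and sample replies are constructed.
"""
import json
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Dict, Optional, Tuple

ACCEPTED = "ROPC_ACCEPTED"    # a token came back: the password grant is live for this client
REJECTED = "ROPC_REJECTED"    # endpoint answered with an RFC 6749 section 5.2 error
UNEXPECTED = "UNEXPECTED"     # neither a token response nor a parseable OAuth error

Transport = Callable[[str, Dict[str, str], bytes], Tuple[int, bytes]]


def build_ropc_request(token_endpoint: str, client_id: str, username: str,
                       password: str, client_secret: Optional[str] = None,
                       scope: str = "openid") -> Tuple[str, Dict[str, str], bytes]:
    """Return (url, headers, body) for a grant_type=password request
    (RFC 6749 section 4.3.2). A confidential client authenticates with
    client_secret_post here; a public client sends only client_id."""
    form = {"grant_type": "password", "client_id": client_id,
            "username": username, "password": password, "scope": scope}
    if client_secret is not None:
        form["client_secret"] = client_secret
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Accept": "application/json"}
    return token_endpoint, headers, urllib.parse.urlencode(form).encode()


def classify_token_response(status: int, body: bytes) -> Tuple[str, str]:
    """Map an HTTP status plus JSON body to (verdict, detail).

    An access_token in a 2xx body means the server executed the password
    grant, whatever policy was meant to stop it. A body carrying an 'error'
    field means the grant was refused."""
    try:
        data = json.loads(body.decode() or "{}")
    except (UnicodeDecodeError, ValueError):
        return UNEXPECTED, f"HTTP {status}, non-JSON body"
    if 200 <= status < 300 and "access_token" in data:
        return ACCEPTED, f"HTTP {status}, token_type={data.get('token_type')}"
    if "error" in data:
        detail = f"HTTP {status}, {data['error']}: {data.get('error_description', '')}"
        return REJECTED, detail.rstrip(": ")
    return UNEXPECTED, f"HTTP {status}, keys={sorted(data)}"


def _urllib_transport(url: str, headers: Dict[str, str], body: bytes) -> Tuple[int, bytes]:
    """Default transport: real HTTP POST. 4xx/5xx replies still carry the OAuth error body."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def check_ropc(token_endpoint: str, client_id: str, username: str, password: str,
               client_secret: Optional[str] = None,
               transport: Optional[Transport] = None) -> Tuple[str, str]:
    """Send the ROPC request through `transport` and classify the reply."""
    url, headers, body = build_ropc_request(token_endpoint, client_id, username,
                                            password, client_secret)
    status, reply = (transport or _urllib_transport)(url, headers, body)
    return classify_token_response(status, reply)


# Constructed sample replies, keyed by client_id (not captured from a real server).
# The error text for "locked-down" is an assumption about Keycloak's exact wording.
SAMPLE_REPLIES = {
    "legacy-webapp": (200, {"access_token": "constructed.jwt.value",
                            "token_type": "Bearer", "expires_in": 300}),
    "locked-down": (400, {"error": "unauthorized_client",
                          "error_description": "Client not allowed for direct access grants"}),
}


def _fake_transport(url: str, headers: Dict[str, str], body: bytes) -> Tuple[int, bytes]:
    """Offline transport: answer from SAMPLE_REPLIES according to the posted client_id."""
    client_id = urllib.parse.parse_qs(body.decode())["client_id"][0]
    status, reply = SAMPLE_REPLIES[client_id]
    return status, json.dumps(reply).encode()


def run_offline_demo() -> Dict[str, str]:
    """Check every constructed client against the fake endpoint; return client_id -> verdict."""
    endpoint = "https://idp.example/realms/demo/protocol/openid-connect/token"  # constructed
    return {cid: check_ropc(endpoint, cid, "alice", "constructed-password",
                            transport=_fake_transport)[0]
            for cid in SAMPLE_REPLIES}


if __name__ == "__main__":
    for cid, verdict in run_offline_demo().items():
        print(f"{cid}: {verdict}")
```

Run against a live identity provider you own with a test account, replacing the constructed endpoint and credentials and dropping the `transport=` argument; a verdict of `ROPC_ACCEPTED` for a client that a reject-ropc-grant policy, a disabled Direct Access Grants setting or a 2FA requirement should have stopped is the condition the advisories above describe, and is worth re-testing after each identity-provider upgrade since the bypass is silent.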