Lucene search
K

30 matches found

NVD
NVD
added 2 days ago9 views

CVE-2026-14781

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the emailverified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but...

4.8CVSS0.00196EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-14781 Keycloak-services: keycloak-services: oidc email_verified claim incorrectly applied to userinfo email

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the emailverified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but...

4.8CVSS0.00196EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-41732

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the emailverified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but...

4.8CVSS6.1AI score0.00196EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago7 views

CVE-2026-14781

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the emailverified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but...

4.8CVSS6.1AI score0.00196EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2 days ago7 views

CVE-2026-14781

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the emailverified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but...

4.8CVSS6.1AI score0.00196EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.8 views

CVE-2026-40810

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS5.8AI score0.0032EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 8:16 a.m.29 views

CVE-2026-40810

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS0.0032EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 7:38 a.m.8 views

CVE-2026-40810 Unauthenticated SQLi in userinfo Endpoint

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS5.9AI score0.0032EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 7:38 a.m.17 views

CVE-2026-40810

An unauthenticated SQL injection vulnerability affects the userinfo endpoint, due to improper neutralization of special elements in a SQL SELECT command. A remote attacker can exploit it to cause a total loss of confidentiality. CVE-2026-40810 has CVSS v3.1 base score 7.5 (HIGH) and CVSS v4.0 bas...

8.7CVSS5.9AI score0.0032EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 7:38 a.m.33 views

CVE-2026-40810 Unauthenticated SQLi in userinfo Endpoint

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS0.0032EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 7:38 a.m.10 views

EUVD-2026-32110

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS5.9AI score0.0032EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:38 a.m.8 views

CVE-2026-40810

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS5.9AI score0.0032EPSS
Exploits0References2Affected Software4
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.10 views

PT-2026-43550

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS5.9AI score0.0032EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.7 views

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECT24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymbCONNECT24 is an internal...

8.7CVSS5.9AI score0.0032EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/19 6:22 a.m.13 views

Incorrect Implementation of Authentication Algorithm

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm through the TokenManager and OIDC endpoint token checks ...

5.4CVSS5.4AI score0.00281EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.6 views

CVE-2026-32969

An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.5CVSS5.9AI score0.00443EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/23 12:30 p.m.17 views

EUVD-2026-14407

An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.5CVSS5.9AI score0.00443EPSS
Exploits0References3
NVD
NVD
added 2026/03/23 12:16 p.m.5 views

CVE-2026-32969

An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.5CVSS0.00443EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/23 11:16 a.m.21 views

CVE-2026-32969 Pre-Auth Blind SQLi in userinfo Endpoint

An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.5CVSS0.00443EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/23 11:16 a.m.3 views

CVE-2026-32969 Pre-Auth Blind SQLi in userinfo Endpoint

An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.5CVSS5.9AI score0.00443EPSS
Exploits0References2
Rows per page
Query Builder