Lucene search
K

17 matches found

RedHat Linux
RedHat Linux
added 2026/05/20 11:23 a.m.12 views

keycloak: Keycloak: Access token disclosure and implicit flow bypass via forged client data

A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable the implicit flow in OpenID Connect OIDC clients. By manipulating client data during a session restart, an attacker can obtain an access token th...

7.1CVSS5.7AI score0.00344EPSS
Exploits0References4
OSV
OSV
added 2026/05/19 12:31 p.m.8 views

GHSA-HQ3P-W4XV-X7VP Keycloak: Access token disclosure and implicit flow bypass via forged client data

A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable the implicit flow in OpenID Connect OIDC clients. By manipulating client data during a session restart, an attacker can obtain an access token th...

7.1CVSS5.7AI score0.00344EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/05/19 12:31 p.m.9 views

Keycloak: Access token disclosure and implicit flow bypass via forged client data

A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable the implicit flow in OpenID Connect OIDC clients. By manipulating client data during a session restart, an attacker can obtain an access token th...

7.1CVSS5.7AI score0.00344EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 2026/05/19 11:1 a.m.39 views

CVE-2026-7571 Keycloak: keycloak: access token disclosure and implicit flow bypass via forged client data

A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable the implicit flow in OpenID Connect OIDC clients. By manipulating client data during a session restart, an attacker can obtain an access token th...

7.1CVSS0.00344EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/29 12:0 a.m.3 views

gitpod 安全漏洞

gitpod is a cloud-based integrated development environment open-sourced by gitpod. A security vulnerability exists in versions prior to gitpod main-gha.33628, which stems from mishandling of the Bitbucket OAuth integration, which could lead to access token disclosure...

6.5CVSS6.5AI score0.00307EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/10/15 12:0 a.m.4 views

Element 安全漏洞

Element is a Matrix web collaboration client from Element Open Source. A security vulnerability exists in Element that stems from a vulnerability that could lead to an access token disclosure under certain circumstances...

7CVSS6.3AI score0.00417EPSS
Exploits0References3
CVE
CVE
added 2024/08/20 12:0 a.m.58 views

CVE-2024-31842

Italtel Embrace 1.6.4 is affected by a vulnerability where the web application inserts an authenticated user’s access token into GET requests. The token appears in the URL’s query string and can be stored in browser history, Referer headers, web logs, or other sources, enabling attackers to use t...

8.8CVSS6.4AI score0.00384EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/11/09 12:0 a.m.5 views

Line Security Breach

Line is an instant messaging platform from Line Inc. A security vulnerability exists in Line version 13.6.1, which stems from an access token disclosure issue in craftmembers. A remote attacker can exploit the vulnerability to send a malicious notification to the victim...

6.5CVSS6.8AI score0.00353EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/11/09 12:0 a.m.5 views

Line Security Breach

Line is an instant messaging platform from Line Inc. A security vulnerability exists in Line version 13.6.1, which stems from an access token disclosure issue in taketorinoyu. A remote attacker could exploit the vulnerability to send a malicious notification to the victim...

6.5CVSS6.7AI score0.00353EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/11/09 12:0 a.m.6 views

Line Security Breach

Line is an instant messaging platform from Line Inc. A security vulnerability exists in Line version 13.6.1, which stems from an access token disclosure issue in Lil.OFF-PRICE STORE. A remote attacker could exploit the vulnerability to send a malicious notification to the victim...

6.5CVSS6.7AI score0.00353EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/11/09 12:0 a.m.7 views

Line Security Breach

Line is an instant messaging platform from Line Inc. A security vulnerability exists in Line version 13.6.1, which stems from an access token disclosure issue in besttrainingmember. A remote attacker can exploit the vulnerability to send malicious notifications...

6.5CVSS6.8AI score0.00353EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/11/09 12:0 a.m.6 views

Line Security Breach

Line is an instant messaging platform from Line Inc. A security vulnerability exists in Line version 13.6.1, which stems from an access token disclosure issue in DRAGON FAMILY. A remote attacker can exploit the vulnerability to send a malicious notification to the victim...

6.5CVSS6.8AI score0.00353EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/11/09 12:0 a.m.4 views

Line Security Breach

Line is an instant messaging platform from Line Inc. A security vulnerability exists in Line version 13.6.1, which stems from an access token disclosure issue with F.B.P members. A remote attacker could exploit the vulnerability to send a malicious notification to the victim...

6.5CVSS6.7AI score0.00353EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/09/25 12:0 a.m.6 views

PT-2023-5447 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.23.0 Description: The issue affects Docker Desktop and is related to the disclosure of protected information. It allows a remote attacker to obtain an access token using a specially crafted extension icon UR...

10CVSS6.4AI score0.00683EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/12/07 12:0 a.m.42 views

Jenkins Gitea Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.1AI score0.00332EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/06/14 12:0 a.m.6 views

Jupyter Server 安全漏洞

Jupyter Server is a Jupyter community application used to provide back-end services for Jupyter web applications. A security vulnerability exists in Jupyter Server versions prior to 1.17.1. An attacker could exploit this vulnerability to disclose access tokens to a malicious third party and modif...

9CVSS7.9AI score0.00846EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2018/10/01 12:0 a.m.541 views

Gitlab -- multiple vulnerabilities

Gitlab reports: SSRF GCP access token disclosure Persistent XSS on issue details Diff formatter DoS in Sidekiq jobs Confidential information disclosure in events API endpoint validatelocalhost function in urlblocker.rb could be bypassed Slack integration CSRF Oauth2 GRPC::Unknown logging token...

9.8CVSS2.1AI score0.00839EPSS
Exploits0References1
Rows per page
Query Builder