65 matches found
EUVD-2026-18206
A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers URIs that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...
keycloak: Keycloak: Information disclosure due to redirect_uri validation bypass
A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers URIs that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...
CVE-2026-3872
A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers URIs that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...
CVE-2026-3872 Keycloak: keycloak: information disclosure due to redirect_uri validation bypass
A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers URIs that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...
CVE-2026-3872
CVE-2026-3872 involves Keycloak and describes a flaw where an attacker controlling another path on the same web server can bypass the allowed path in redirect URIs that use a wildcard. This bypass can lead to information disclosure by theft of an access token. The connected documents confirm the ...
CVE-2026-3872
A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers URIs that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...
CVE-2026-27191
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Versions 5.0.39 and below the redirect query parameter is appended to the base origin without validation, allowing attackers to steal access tokens via URL authority injection. This leads to...
CVE-2026-27191
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Versions 5.0.39 and below the redirect query parameter is appended to the base origin without validation, allowing attackers to steal access tokens via URL authority injection. This leads to...
CVE-2026-27191
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Versions 5.0.39 and below the redirect query parameter is appended to the base origin without validation, allowing attackers to steal access tokens via URL authority injection. This leads to...
PT-2026-21346
Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Versions 5.0.39 and below the redirect query parameter is appended to the base origin without validation, allowing attackers to steal access tokens via URL authority injection. This leads to...
EUVD-2020-12589
Malware in sbrugna...
EUVD-2023-57503
Malicious code in bioql PyPI...
EUVD-2023-0093
Malicious code in bioql PyPI...
EUVD-2024-42264
Malicious code in bioql PyPI...
EUVD-2022-38942
Malicious code in bioql PyPI...
EUVD-2025-14367
Malicious code in bioql PyPI...
CVE-2025-32878
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. This function is mainly for downloading firmware files. Before downloading firmware files, the watch requests some information about the firmware via HTTPS from the back-end...
PT-2025-26314 · Coros · Coros Pace 3
Name of the Vulnerable Software and Affected Versions: COROS PACE 3 versions through 3.0808.0 Description: An issue was discovered that allows an attacker to eavesdrop and manipulate HTTPS communication. The device does not validate the X.509 server certificate within the TLS handshake, enabling ...
CVE-2022-3483
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. A malicious maintainer could exfiltrate a Datadog integration's access token by modifying the...
VMware Aria Automation 8.18.x < 8.18.1 patch 2 DOM Based XSS (VMSA-2025-0008)
The VMware Aria Automation application running on the remote host is affected by a vulnerability as referenced in the VMSA-2025-0008 advisory. - VMware Aria automation contains a DOM based Cross-Site Scripting XSS vulnerability. A malicious actor may exploit this issue to steal the access token o...