
8 matches found

Veracode
added 2026/05/15 9:8 a.m. | 9 views

Improper Authentication

auth is vulnerable to Improper Authentication. The vulnerability is due to incorrect mapping of all Patreon OAuth accounts to the same local user ID, which allows an attacker to gain unauthorized access through account merging and privilege confusion...

9.1 CVSS | 5.8 AI score | 0.00417 EPSS
Exploits: 0 | References: 6 | Affected Software: 2
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-20994

Malicious code in bioql PyPI...

7.1 CVSS | 6.3 AI score | 0.00224 EPSS
Exploits: 0 | References: 13
Github Security Blog
added 2025/07/30 1:16 p.m. | 11 views

Keycloak phishing attack via email verification step in first login flow

There is a flaw with the first login flow where, during an IdP login, an attacker with a registered account can initiate the process to merge accounts with an existing victim's account. The attacker will subsequently be prompted to "review profile" information, which allows the attacker to...

7.1 CVSS | 6 AI score | 0.00224 EPSS
Exploits: 0 | References: 14 | Affected Software: 1
Github Security Blog
added 2025/07/10 3:31 p.m. | 10 views

Duplicate Advisory: Keycloak phishing attack via email verification step in first login flow

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-xhpr-465j-7p9q. This link is maintained to preserve external references. Original Description: A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account...

7.1 CVSS | 5.8 AI score | 0.00224 EPSS
Exploits: 0 | References: 11 | Affected Software: 1
OSV
added 2025/07/10 3:31 p.m. | 6 views

GHSA-GJ52-35XM-GXJH Duplicate Advisory: Keycloak phishing attack via email verification step in first login flow

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-xhpr-465j-7p9q. This link is maintained to preserve external references. Original Description: A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account...

5.4 CVSS | 5.8 AI score | 0.00224 EPSS
Exploits: 0 | References: 11
NVD
added 2025/07/10 3:15 p.m. | 5 views

CVE-2025-7365

A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to "review profile" information. This vulnerability allows the attacker to modify their email...

7.1 CVSS | 0.00224 EPSS
Exploits: 0 | References: 8
CVE
added 2025/07/10 2:20 p.m. | 49 views

CVE-2025-7365

Keycloak vulnerability CVE-2025-7365 involves an IdP login flow where an authenticated attacker merging accounts can alter their email to match a victim’s, triggering a verification email to the victim. If the victim clicks the verification link, the attacker could gain access to the victim’s acc...

7.1 CVSS | 6.2 AI score | 0.00224 EPSS
Exploits: 0 | References: 8 | Affected Software: 1
Cvelist
added 2025/07/10 2:20 p.m. | 14 views

CVE-2025-7365 Keycloak: phishing attack via email verification step in first login flow

A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to "review profile" information. This vulnerability allows the attacker to modify their email...

7.1 CVSS | 0.00224 EPSS
Exploits: 0 | References: 8