
8 matches found

CNNVD
added 2026/04/30 12:00 a.m., 7 views

Keycloak Security Vulnerability

Keycloak is an open-source identity and access management solution developed by the Keycloak project. Keycloak has a security vulnerability, which stems from the fact that the Account REST API is only partially disabled. Five endpoints remain fully functional, and there is no gatekeeper for...

CVSS 5.4 | AI score 5.8 | EPSS 0.00029
Exploits 0 | References 1

Github Security Blog
added 2026/03/11 6:30 p.m., 2 views

Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API

A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered...

CVSS 4.2 | AI score 5.8 | EPSS 0.00017
Exploits 0 | References 8 | Affected Software 1

ATTACKERKB
added 2026/03/11 4:17 p.m., 4 views

CVE-2026-3429

A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered...

CVSS 4.2 | AI score 5.8 | EPSS 0.00017
Exploits 0 | References 5

Vulnrichment
added 2026/03/11 4:17 p.m., 2 views

CVE-2026-3429 org.keycloak.services.resources.account: Improper access control leading to MFA deletion and account takeover in Keycloak Account REST API

A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered...

CVSS 4.2 | AI score 5.8 | EPSS 0.00017
Exploits 0 | References 2

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2022-1472

Malicious code in bioql PyPI...

CVSS 4.9 | AI score 4.6 | EPSS 0.00166
Exploits 0 | References 9

Veracode
added 2020/12/19 5:51 a.m., 14 views

Privilege Escalation

Keycloak is vulnerable to privilege escalation. The Account REST API can update user metadata attributes...

CVSS 4.2 | AI score 4.1 | EPSS 0.00166
Exploits 0 | References 3 | Affected Software 1

RedhatCVE
added 2020/12/07 5:29 p.m., 27 views

CVE-2020-27826

A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application...

CVSS 4.9 | AI score 5.1 | EPSS 0.00166
Exploits 0 | References 3

CNNVD
added 2020/12/07 12:00 a.m., 3 views

Red Hat Keycloak Security Vulnerability

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Keycloak that stems from the Account REST API being able to update user metadata attributes...

CVSS 4.9 | AI score 5.8 | EPSS 0.00166
Exploits 0 | References 6