Lucene search
K

7 matches found

OSV
OSV
added 2026/04/02 3:31 p.m.5 views

GHSA-RX66-HJ7G-28H7 Keycloak: Replay of action tokens via improper handling of single-use entries

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...

5.3CVSS6AI score0.0025EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/04/02 1:54 p.m.4 views

keycloak: Keycloak: Replay of action tokens via improper handling of single-use entries

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...

5.3CVSS5.9AI score0.0025EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/02 1:53 p.m.4 views

keycloak: Keycloak: Replay of action tokens via improper handling of single-use entries

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...

5.3CVSS6AI score0.0025EPSS
Exploits0References4
NVD
NVD
added 2026/04/02 1:16 p.m.6 views

CVE-2026-4325

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...

5.3CVSS0.0025EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/02 12:44 p.m.6 views

CVE-2026-4325

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...

5.3CVSS5.9AI score0.0025EPSS
Exploits0References7
CVE
CVE
added 2026/04/02 12:44 p.m.17 views

CVE-2026-4325

CVE-2026-4325 involves Keycloak’s SingleUseObjectProvider, a global key-value store, lacking proper type and namespace isolation. The issue allows an attacker to delete arbitrary single-use entries, enabling the replay of consumed action tokens (e.g., password reset links) and potentially leading...

5.3CVSS5.9AI score0.0025EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2022/08/22 2:56 p.m.27 views

CVE-2021-24911 Transposh WordPress Translation < 1.0.8 - Stored Cross-Site Scripting

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tptranslation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin. The minimum role needed to perform such attack...

5.6AI score0.00586EPSS
Exploits4References1
Rows per page
Query Builder