GHSA-VJR8-56P3-FMQQ Keycloak unable to restrict access to the admin console

A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized paths to access the /admin application path relative to...

From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation

Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer MFT that's assessed to have come under active exploitation since at least September 11, 2025. The company said it began its investigation on September 11...

PT-2021-23328 · Archibus · Archibus Web Central

Name of the Vulnerable Software and Affected Versions: ARCHIBUS Web Central version 21.3.3.815 Description: The issue arises from the software's failure to properly validate requests for access to data and functionality in several affected endpoints: "/archibus/schema/ab-edit-users.axvw",...