
1124 matches found

OSV
added 2025/12/02 1:21 a.m. | 6 views

GHSA-VJR8-56P3-FMQQ Keycloak unable to restrict access to the admin console

A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized paths to access the /admin application path relative to...

CVSS 3.7 | AI score 5.8 | EPSS 0.00386
Exploits 0 | References 7
Github Security Blog
added 2025/12/02 1:21 a.m. | 8 views

Keycloak unable to restrict access to the admin console

A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized paths to access the /admin application path relative to...

CVSS 3.7 | AI score 6.2 | EPSS 0.00386
Exploits 0 | References 7 | Affected Software 1
RedhatCVE
added 2025/11/21 7:37 p.m. | 5 views

CVE-2025-52666

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error...

CVSS 2.7 | AI score 4.2 | EPSS 0.00366
Exploits 1 | References 1
EUVD
added 2025/11/20 9:30 p.m. | 3 views

EUVD-2025-198351

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error...

CVSS 2.7 | AI score 3.6 | EPSS 0.00366
Exploits 1 | References 2
NVD
added 2025/11/20 8:16 p.m. | 5 views

CVE-2025-52666

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error...

CVSS 2.7 | EPSS 0.00366
Exploits 1 | References 1
OSV
added 2025/11/20 8:16 p.m. | 5 views

CVE-2025-52666

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error...

CVSS 2.7 | AI score 6.7
Exploits 0 | References 1
CVE
added 2025/11/20 7:10 p.m. | 23 views

CVE-2025-52666

Summary: CVE-2025-52666 affects Revive Adserver (versions 5.5.2, 6.0.1 and earlier). The issue is an improper neutralisation of format characters in the settings, which leads to a fatal PHP error that can cause the administrator user console to be disabled. The incident is described across multip...

CVSS 2.7 | AI score 6.4 | EPSS 0.00366
Exploits 1 | References 1 | Affected Software 1
Vulnrichment
added 2025/11/20 7:10 p.m. | 2 views

CVE-2025-52666

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error...

CVSS 2.7 | AI score 3.8 | EPSS 0.00366
Exploits 1 | References 1
Positive Technologies
added 2025/11/20 12:00 a.m. | 4 views

PT-2025-47616

Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error...

CVSS 2.7 | AI score 6.8 | EPSS 0.00366
Exploits 1 | References 1
CVE
added 2025/11/18 11:28 a.m. | 19 views

CVE-2025-6670

Summary: CVE-2025-6670 describes a CSRF vulnerability in multiple WSO2 products due to using HTTP GET for state-changing admin service operations in the Carbon console event processor. Despite SameSite=Lax mitigation, the cookie attribute is ineffective for cross-origin top-level navigations, all...

CVSS 8.8 | AI score 6 | EPSS 0.0019
Exploits 0 | References 1 | Affected Software 9
RedHat Linux
added 2025/11/13 7:30 p.m. | 7 views

Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.4 Images Security Update

New images are available for Red Hat build of Keycloak 26.4.4 and Red Hat build of Keycloak 26.4.4 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat...

CVSS 6.8 | AI score 5.8 | EPSS 0.00456
Exploits 0 | References 1
RedHat Linux
added 2025/11/13 5:51 p.m. | 5 views

org.keycloak/keycloak-quarkus-server: Unable to restrict access to the admin console

A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized paths to access the /admin application path relative to...

CVSS 3.7 | AI score 5.7 | EPSS 0.00386
Exploits 0 | References 6
RedHat Linux
added 2025/11/13 5:51 p.m. | 10 views

Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.4 Security Update

New Red Hat build of Keycloak 26.4.4 packages are available from the Customer Portal Red Hat build of Keycloak 26.4.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security fixes...

CVSS 6.8 | AI score 5.8 | EPSS 0.00456
Exploits 0 | References 1
Cvelist
added 2025/10/28 3:08 a.m. | 8 views

CVE-2025-10939 Org.keycloak/keycloak-quarkus-server: unable to restrict access to the admin console

A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized paths to access the /admin application path relative to...

CVSS 3.7 | EPSS 0.00386
Exploits 0 | References 6
Vulnrichment
added 2025/10/28 3:08 a.m. | 5 views

CVE-2025-10939 Org.keycloak/keycloak-quarkus-server: unable to restrict access to the admin console

A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized paths to access the /admin application path relative to...

CVSS 3.7 | AI score 6.1 | EPSS 0.00386
Exploits 0 | References 6
CVE
added 2025/10/28 3:08 a.m. | 23 views

CVE-2025-10939

Keycloak is affected by a path traversal vulnerability (CVE-2025-10939) that can expose the admin console path via relative or non-normalized URLs (e.g., /realms/../admin/), potentially bypassing proxy restrictions intended to block /admin. Multiple sources (including GHSA entry and Nessus plugin...

CVSS 3.7 | AI score 6.2 | EPSS 0.00386
Exploits 0 | References 6
RedhatCVE
added 2025/10/15 4:43 p.m. | 5 views

CVE-2025-42906

SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from addresses where the Administration Console is not explicitly deployed. This could potentially bypass configured access restrictions, resulting in a lo...

CVSS 5.3 | AI score 6.6 | EPSS 0.00391
Exploits 0 | References 1
EUVD
added 2025/10/14 12:17 a.m. | 3 views

EUVD-2025-34123

SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from addresses where the Administration Console is not explicitly deployed. This could potentially bypass configured access restrictions, resulting in a lo...

CVSS 5.3 | AI score 6.1 | EPSS 0.00391
Exploits 0 | References 3
Positive Technologies
added 2025/10/14 12:00 a.m. | 4 views

PT-2025-41839

Name of the Vulnerable Software and Affected Versions SAP Commerce Cloud affected versions not specified Description SAP Commerce Cloud contains a path traversal issue that could allow users to access web applications, such as the Administration Console, from locations where it is not explicitly...

CVSS 5.3 | AI score 6.3 | EPSS 0.00391
Exploits 0 | References 4
The Hacker News
added 2025/10/10 11:42 a.m. | 6 views

From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation

Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer MFT that's assessed to have come under active exploitation since at least September 11, 2025. The company said it began its investigation on September 11...

CVSS 10 | AI score 7.2 | EPSS 0.99614
Exploits 2