13 matches found

RedHat Linux
added 2026/04/02 1:58 p.m. | 4 views

Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.11 Images Update

New images are available for Red Hat build of Keycloak 26.4.11 and Red Hat build of Keycloak 26.4.11 Operator, running on OpenShift Container Platform. Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Ha...

8.1 CVSS | 5.9 AI score | 0.00046 EPSS
Exploits 1 | References 1

vulnersOsv
added 2026/02/18 3:5 p.m. | 3 views

org.glassfish.main.admingui:console-commandrecorder-plugin (>=7.0.16 <=9.0.0-M2), org.glassfish.main.featuresets:debug (>=6.2.5 <=9.0.0-M2) +5 more potentially affected by CVE-2025-14340 via org.glassfish.main.admin:rest-service (>=5.0.1 <=9.0.0-M2)

org.glassfish.main.admin:rest-service MAVEN version =5.0.1, =7.0.16, =6.2.5, =7.1.0, =7.1.0, =5.0.1, =5.0.1, =5.0.1, =9.0.0-M2 Source cves: CVE-2025-14340 Source advisory: SNYK:JAVA-ORGGLASSFISHMAINADMIN-15323111...

9.3 CVSS | 5.8 AI score | 0.00567 EPSS
Exploits 1

ATTACKERKB
added 2025/12/10 9:4 a.m. | 3 views

CVE-2025-14082

A flaw was found in Keycloak Admin REST Representational State Transfer API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/realm/roles endpoint...

2.7 CVSS | 5.8 AI score | 0.00012 EPSS
Exploits 0 | References 5

Cvelist
added 2025/12/10 9:4 a.m. | 26 views

CVE-2025-14082 Keycloak-services: keycloak admin rest api: improper access control leads to sensitive role metadata information disclosure

A flaw was found in Keycloak Admin REST Representational State Transfer API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/realm/roles endpoint...

2.7 CVSS | 0.00012 EPSS
Exploits 0 | References 4

CVE
added 2025/12/10 9:4 a.m. | 19 views

CVE-2025-14082

The CVE-2025-14082 issue affects Keycloak’s Admin REST API. Affected component: Keycloak Admin REST endpoints; root cause: insufficient authorization checks on the /admin/realms/{realm}/roles endpoint allow an attacker with high privileges to access sensitive role metadata. Impact: information di...

2.7 CVSS | 5.7 AI score | 0.00012 EPSS
Exploits 0 | References 4

RedhatCVE
added 2025/12/10 9:4 a.m. | 1 views

CVE-2025-14082

A flaw was found in Keycloak Admin REST Representational State Transfer API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/realm/roles endpoint. Mitigation: Mitigation for this issue is either not available or...

2.7 CVSS | 5.5 AI score | 0.00012 EPSS
Exploits 0 | References 3

Vulnrichment
added 2024/10/09 6:59 p.m. | 29 views

CVE-2024-3656 Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities

A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise...

8.1 CVSS | 6.6 AI score | 0.89656 EPSS
Exploits 0 | References 5

Snyk
added 2023/04/25 10:33 a.m. | 3 views

Cross-site Scripting (XSS)

Overview: Jellyfin.Common is a Free Software Media System that puts you in control of managing and streaming your media. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper escape of device id in raw HTML, which can be used to make arbitrary calls to the...

9 CVSS | 6.3 AI score | 0.00873 EPSS
Exploits 3 | References 2

Veracode
added 2023/03/03 11:26 a.m. | 27 views

HTML Injection

org.keycloak:keycloak-services is vulnerable to HTML Injection. A malicious user is able to send emails containing phishing links to users via the execute-actions-email endpoint of the admin REST API...

5.4 CVSS | 7.3 AI score | 0.00993 EPSS
Exploits 0 | References 6 | Affected Software 2

Github Security Blog
added 2023/03/01 5:58 p.m. | 98 views

HTML Injection in Keycloak Admin REST API

The execute-actions-email endpoint of the Keycloak Admin REST API allows a malicious actor to send emails containing phishing links to Keycloak users...

5.4 CVSS | 2.6 AI score | 0.00993 EPSS
Exploits 0 | References 7 | Affected Software 1

CNNVD
added 2022/07/06 12:0 a.m. | 3 views

JFrog Artifactory Security Vulnerability

JFrog Artifactory is an open source, general-purpose Artifact repository manager from Israel's JFrog that supports clustering and high-availability Docker registries, and provides an end-to-end solution for automating the tracking of artifacts from development to production. A security...

6.8 CVSS | 5.4 AI score | 0.0025 EPSS
Exploits 0 | References 3

ATTACKERKB
added 2022/06/10 12:15 p.m. | 1 views

CVE-2022-32563

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

9.8 CVSS | 7.3 AI score | 0.00427 EPSS
Exploits 0 | References 3

CNVD
added 2020/04/15 12:0 a.m. | 1 views

SSRF Vulnerability in Kong API Gateway Admin Rest API

Kong API Gateway is one of the most popular cloud-native API gateways, with two branches, open source and enterprise, which is widely used as API access middleware for cloud-native, microservice, and service-less cloud function scenarios, providing cloud-native applications with authentication,...

6.9 AI score
Exploits 0