1114 matches found
CVE-2025-6670
Summary: CVE-2025-6670 describes a CSRF vulnerability in multiple WSO2 products due to using HTTP GET for state-changing admin service operations in the Carbon console event processor. Despite SameSite=Lax mitigation, the cookie attribute is ineffective for cross-origin top-level navigations, all...
Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.4 Images Security Update
New images are available for Red Hat build of Keycloak 26.4.4 and Red Hat build of Keycloak 26.4.4 Operator, running on OpenShift Container Platform. Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat...
org.keycloak/keycloak-quarkus-server: Unable to restrict access to the admin console
A flaw was found in Keycloak. The Keycloak guides recommend not exposing the /admin path to the outside when the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked into using relative/non-normalized paths to access the /admin application path relative to...
Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.4 Security Update
New Red Hat build of Keycloak 26.4.4 packages are available from the Customer Portal. Red Hat build of Keycloak 26.4.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security fixes...
CVE-2025-10939
Keycloak is affected by a path traversal vulnerability (CVE-2025-10939) that can expose the admin console path via relative or non-normalized URLs (e.g., /realms/../admin/), potentially bypassing proxy restrictions intended to block /admin. Multiple sources (including GHSA entry and Nessus plugin...
CVE-2025-10939 org.keycloak/keycloak-quarkus-server: unable to restrict access to the admin console
A flaw was found in Keycloak. The Keycloak guides recommend not exposing the /admin path to the outside when the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked into using relative/non-normalized paths to access the /admin application path relative to...
CVE-2025-42906
SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from addresses where the Administration Console is not explicitly deployed. This could potentially bypass configured access restrictions, resulting in a lo...
EUVD-2025-34123
SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from addresses where the Administration Console is not explicitly deployed. This could potentially bypass configured access restrictions, resulting in a lo...
PT-2025-41839
Name of the Vulnerable Software and Affected Versions: SAP Commerce Cloud (affected versions not specified). Description: SAP Commerce Cloud contains a path traversal issue that could allow users to access web applications, such as the Administration Console, from locations where it is not explicitly...
From Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 Exploitation
Fortra on Thursday revealed the results of its investigation into CVE-2025-10035, a critical security flaw in GoAnywhere Managed File Transfer (MFT) that's assessed to have come under active exploitation since at least September 11, 2025. The company said it began its investigation on September 11...
EUVD-2007-2967
Malware in sbrugna...
EUVD-2013-2906
Malware in sbrugna...
EUVD-2007-4494
Malware in sbrugna...
EUVD-2014-6341
Malware in sbrugna...
EUVD-2020-4224
Malware in sbrugna...
EUVD-2014-0405
Malware in sbrugna...
EUVD-2021-26221
Malware in sbrugna...
EUVD-2005-4868
Malware in sbrugna...
EUVD-2021-1153
Malware in sbrugna...