3 matches found
CVE-2026-37978 Keycloak: org.keycloak.services: keycloak: information disclosure via evaluate-scopes admin api
A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID userId parameter. This vulnerability allows for cross-role personally identifiable information PII leakage,...
Authorization Bypass Through User-Controlled Key
Overview @withstudiocms/auth-kit is an Utilities for managing authentication Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the DELETE /studiocmsapi/dashboard/api-tokens endpoint. An attacker can revoke API tokens belonging to other users,...
Jerome Gamez Firebase Admin SDK for PHP Access Control Error Vulnerability
Jerome Gamez Firebase Admin SDK for PHP is a PHP-based software development kit. An access control error vulnerability exists in the src/Firebase/Auth/IdTokenVerifier.php file in the Jerome Gamez Firebase Admin SDK for PHP versions 3.2.0 through 3.8.0, which stems from the program's failure to...