EUVD-2026-32212

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers URIs, a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...

CVE-2026-9689 Keycloak: org.keycloak.protocol.oidc: http parameter pollution in oidc redirect uri allows response parameter duplication - #ghi-604

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers URIs, a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability arises when the client application’s configuration accepts broad redirect URIs. A remote attacker could manipulate the authentication process...

📄 cPanel Authentication Manipulation / Session Injection

This Python script attempts to an authentication bypass against a cPanel login endpoint by crafting a modified login request and manipulating session-related data. Versions after 11.40 are affected...

EUVD-2024-48395

Malicious code in bioql PyPI...

CVE-2024-7475

An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate acce...

CVE-2024-11209

A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVE-2024-7475

An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate acce...

CVE-2024-7475 Improper Access Control in lunary-ai/lunary

An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate acce...

CVE-2024-7475 Improper Access Control in lunary-ai/lunary

An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate acce...

Electrolink FM/DAB/TV Transmitter Remote Authentication Removal Exploit

Electrolink FM/DAB/TV Transmitter suffers from an unauthenticated parameter manipulation that allows an attacker to set the credentials to blank giving her access to the admin panel. It is also vulnerable to account takeover and arbitrary password change. !/usr/bin/env python Electrolink FM/DAB/T...

CVE-2021-27215

An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces Admin, Userweb, Sidechannel can use different methods to perform the authentication of a user. A specific authentication method during login does not check th...

CVE-2018-15605

An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature...

Flaw Lets Attackers Bypass PayPal Two-Factor Authentication

There’s a vulnerability in the way that PayPal handles certain requests from mobile clients that can allow an attacker to bypass the two-factor authentication mechanism for the service and transfer money from a victim’s account to any recipient he chooses. The flaw lies in the way that the PayPal...

Zikula CMS v1.3.5 - Multiple Web Vulnerabilities

Document Title: =============== Zikula CMS v1.3.5 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1114 Release Date: ============= 2013-10-15 Vulnerability Laboratory ID VL-ID: ==================================== 1114 Comm...