Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability, which stems from an authentication flaw in the WebAuthn process. This flaw allows remote attackers to reissue the ExecuteActionsActionToken token, enabling them ...

CVE-2026-31635

A flaw was found in the Linux kernel's rxrpc component. An inverted length check in the rxgkverifyresponse function allows oversized RESPONSE authenticators to be accepted. This can lead to an impossible length being passed to skbtosgvec, triggering a BUGON condition and resulting in a system...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication due to cache key confusion. An attacker can gain unauthorized access by using a token to prime the cache, and subsequently use the same token for rules that use a different introspection server. Note: This is onl...

EUVD-2025-208135

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

GHSA-7G5X-9C4V-4W5R Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

CVE-2025-12150

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

CVE-2025-12150

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

CVE-2025-12150 Org.keycloak/keycloak-services: webauthn attestation statement verification bypass

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

CVE-2025-12150

Keycloak CVE-2025-12150 is addressed in Red Hat advisories for Keycloak 26.4.4 (images and Operator) with a security fix labeled as a WebAuthn Attestation Statement Verification Bypass. The Red Hat advisories list this CVE under security fixes for multiple Keycloak builds. SNYK also references th...

CVE-2025-12150

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

CVE-2025-12150 Org.keycloak/keycloak-services: webauthn attestation statement verification bypass

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

Keycloak 数据伪造问题漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a vulnerability related to data falsification. This vulnerability stems from defects in the WebAuthn registration component, which may allow for bypassing configured proofing policies and...

PT-2026-22313

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

org.keycloak/keycloak-services: WebAuthn Attestation Statement Verification Bypass

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

org.keycloak/keycloak-services: WebAuthn Attestation Statement Verification Bypass

A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require...

EUVD-2020-0156

Malware in sbrugna...

EUVD-2025-3074

Malicious code in bioql PyPI...

DRUPAL-CONTRIB-2025-009

This module allows a site to setup two factor authentication via QR code using authenticator applications on mobile devices including phones. The module does not properly protect its custom paths, allowing one user to access a different user's two factor configuration...

[SECURITY] Fedora 41 Update: pam-u2f-1.3.2-1.fc41

The PAM U2F module provides an easy way to integrate the Yubikey or other U2F-compliant authenticators into your existing user authentication infrastructure...

SUSE CVE-2025-23013

In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module PAM that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue...