Lucene search
K

6 matches found

EUVD
EUVD
added 2026/04/06 9:31 a.m.4 views

EUVD-2026-19201

A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing CORS header injection vulnerability in Keycloak's User-Managed Access UMA token endpoint. This flaw occurs because the azp claim from a client-supplied JSON Web Token JWT is used to set the...

3.7CVSS5.9AI score0.00253EPSS
Exploits0References3
OSV
OSV
added 2026/04/06 9:31 a.m.7 views

GHSA-5V8V-XVJV-57X7 Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim

A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing CORS header injection vulnerability in Keycloak's User-Managed Access UMA token endpoint. This flaw occurs because the azp claim from a client-supplied JSON Web Token JWT is used to set the...

3.7CVSS5.8AI score0.00253EPSS
Exploits0References4
NVD
NVD
added 2026/04/06 9:16 a.m.3 views

CVE-2026-37977

A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing CORS header injection vulnerability in Keycloak's User-Managed Access UMA token endpoint. This flaw occurs because the azp claim from a client-supplied JSON Web Token JWT is used to set the...

5.3CVSS0.00253EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/06 8:38 a.m.4 views

CVE-2026-37977

A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing CORS header injection vulnerability in Keycloak's User-Managed Access UMA token endpoint. This flaw occurs because the azp claim from a client-supplied JSON Web Token JWT is used to set the...

5.3CVSS5.9AI score0.00253EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.3 views

PT-2026-30582

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak that allows a remote attacker to exploit a Cross-Origin Resource Sharing CORS header injection in the User-Managed Access UMA token endpoint. The issue arises becau...

5.3CVSS5.3AI score0.00253EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.7 views

CVE-2026-30949

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.5 and 8.6.18, the Keycloak authentication adapter does not validate the azp authorized party claim of Keycloak access tokens against the configured client-id. A valid acces...

8.8CVSS5.8AI score0.00426EPSS
Exploits0References1
Rows per page
Query Builder