Lucene search
+L

73 matches found

EUVD
EUVD
added 2026/02/02 7:17 a.m.5 views

EUVD-2026-5130

A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services...

2.7CVSS5.3AI score0.00236EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/02 7:17 a.m.36 views

CVE-2026-1518 Keycloak: blind server-side request forgery (ssrf) via ciba backchannel notification endpoint in keycloak

A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services...

2.7CVSS0.00236EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/02 7:17 a.m.2 views

CVE-2026-1518 Keycloak: blind server-side request forgery (ssrf) via ciba backchannel notification endpoint in keycloak

A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services...

2.7CVSS5.3AI score0.00236EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.11 views

PT-2026-5623

A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services...

2.7CVSS5.3AI score0.00236EPSS
Exploits0References3
Snyk
Snyk
added 2025/10/28 2:42 p.m.4 views

Session Fixation

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Session Fixation in the backchannel logout when browser cookies are missing. An attacker using the same brows...

6CVSS7.1AI score0.00128EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2019-0509

Malware in sbrugna...

5.5CVSS5.5AI score0.00208EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.2 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-384161)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-384161 advisory. In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4processcbupdate @ses is initialized to NULL. If...

5.5CVSS6.2AI score0.00243EPSS
Exploits0References3
OSV
OSV
added 2025/09/23 6:35 p.m.4 views

SUSE-SU-2025:03314-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50116: kernel: tty: ngsm: fix deadlock and link starvation in outgoing data path bsc1244824. - CVE-2024-53177: smb: prevent use-after-free due to...

7.8CVSS7.1AI score0.01345EPSS
Exploits10References36
Positive Technologies
Positive Technologies
added 2025/09/11 12:0 a.m.11 views

PT-2025-37260

Name of the Vulnerable Software and Affected Versions: Lenovo XClarity Orchestrator LXCO affected versions not specified Description: An attacker with access to a device on the local network segment may be able to manipulate the device to create an alternate communication channel. This could allo...

8.8CVSS5.7AI score0.00237EPSS
Exploits0References4
CVE
CVE
added 2025/01/14 8:36 a.m.95 views

CVE-2024-11736

CVE-2024-11736 (Keycloak) : The vulnerability arises when admins configure backchannel logout or admin URLs containing placeholders like ${env.VARNAME} or ${PROPNAME}. The server replaces these placeholders with environment variables/system properties during URL processing, potentially allowing a...

4.9CVSS5.1AI score0.00765EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/01/13 4:58 p.m.18 views

Keycloak allows unrestricted admin use of system and environment variables

A security vulnerability has been identified that allows admin users to access sensitive server environment variables and system properties through user-configurable URLs. Specifically, when configuring backchannel logout URLs or admin URLs, admin users can include placeholders like $env.VARNAME ...

4.9CVSS6.6AI score0.00765EPSS
Exploits0References8Affected Software1
RedHat Linux
RedHat Linux
added 2025/01/13 3:43 p.m.9 views

org.keycloak:keycloak-quarkus-server: Unrestricted admin use of system and environment variables

A vulnerability was found in Keycloak. Admin users may have to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like $env.VARNAME or $PROPNAME. The serve...

4.9CVSS5.8AI score0.00765EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/01/13 12:0 a.m.4 views

PT-2025-1684 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A security issue allows admin users to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin...

4.9CVSS6.5AI score0.00765EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2024/12/28 3:50 a.m.5 views

SUSE CVE-2024-53217

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4processcbupdate @ses is initialized to NULL. If nfsd4findbackchannel finds no available backchannel session, setupcallbackclient will try to dereference @ses and segfault...

5.5CVSS7.7AI score0.00243EPSS
Exploits0References17
OSV
OSV
added 2024/12/27 2:15 p.m.6 views

AZL-56346 CVE-2024-53215 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: svcrdma: fix miss destroy percpucounter in svcrdmaprocinit There's issue as follows: RPC: Registered rdma transport module. RPC: Registered rdma backchannel transport module. RPC: Unregistered rdma transport module. RPC:...

5.5CVSS6.6AI score0.00217EPSS
Exploits0References1
OSV
OSV
added 2024/12/27 2:15 p.m.12 views

AZL-56181 CVE-2024-53217 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4processcbupdate @ses is initialized to NULL. If nfsd4findbackchannel finds no available backchannel session, setupcallbackclient will try to dereference @ses and segfault...

5.5CVSS6.7AI score0.00243EPSS
Exploits0References1
OSV
OSV
added 2024/12/27 2:15 p.m.2 views

DEBIAN-CVE-2024-53217

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4processcbupdate @ses is initialized to NULL. If nfsd4findbackchannel finds no available backchannel session, setupcallbackclient will try to dereference @ses and segfault...

5.5CVSS5.6AI score0.00243EPSS
Exploits0References1
OSV
OSV
added 2024/12/27 2:15 p.m.2 views

UBUNTU-CVE-2024-53217

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4processcbupdate @ses is initialized to NULL. If nfsd4findbackchannel finds no available backchannel session, setupcallbackclient will try to dereference @ses and segfault...

5.5CVSS6.2AI score0.00243EPSS
Exploits0References55
Vulnrichment
Vulnrichment
added 2024/12/27 1:50 p.m.2 views

CVE-2024-53217 NFSD: Prevent NULL dereference in nfsd4_process_cb_update()

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4processcbupdate @ses is initialized to NULL. If nfsd4findbackchannel finds no available backchannel session, setupcallbackclient will try to dereference @ses and segfault...

7.6AI score0.00243EPSS
Exploits0References9
Cvelist
Cvelist
added 2024/12/27 1:50 p.m.31 views

CVE-2024-53217 NFSD: Prevent NULL dereference in nfsd4_process_cb_update()

In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4processcbupdate @ses is initialized to NULL. If nfsd4findbackchannel finds no available backchannel session, setupcallbackclient will try to dereference @ses and segfault...

0.00243EPSS
Exploits0References9
Rows per page
Query Builder