7 matches found
Keycloak Security Vulnerability
Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability, which stems from the improper application of the OIDC bypass feature in the domain-level notBefore policy. This vulnerability may cause revoked tokens to remain...
SUSE-SU-2026:0975-1 Security update for python-Authlib
This update for python-Authlib fixes the following issues: - CVE-2026-27962: JWS deserialize_compact allows for signature bypass by accepting user-controlled embedded JWK as verification key (bsc#1259738). - CVE-2026-28490: cryptographic padding oracle in JWE RSA1_5 key management algorithm (bsc#1259736)...
Discourse 3.4.x < 3.4.0.beta4 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities.
Nuki Bridge Security Vulnerability
Nuki Bridge is a smart lock control software from Nuki. A security vulnerability exists in Nuki Bridge v1.x versions prior to v1.22.0 and v2.x versions prior to v2.13.2, and in Nuki Keypad versions prior to v1.9.2, which stems from the fact that an attacker may be able to connect to the device and...
Coder Security Vulnerability
Coder is an application from Coder that allows you to set up a development environment in a public or private cloud infrastructure. A security vulnerability exists in Coder and CoderV2 that stems from a security hole in OIDC authentication that allows an attacker to bypass authentication and crea...
SUSE CVE-2012-2213
Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and...
UBUNTU-CVE-2015-5400
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request...