13159 matches found

ATTACKERKB
added 2026/04/02 12:44 p.m. | 2 views

CVE-2026-4634

A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect OIDC token endpoint. This leads to high resource consumption and prolonged processing times, ultimate...

7.5 CVSS | 5.9 AI score | 0.00025 EPSS
Exploits: 0 | References: 7
Cvelist
added 2026/04/02 12:44 p.m. | 16 views

CVE-2026-4634 Keycloak: keycloak: denial of service via excessive processing of openid connect scope parameters

A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect OIDC token endpoint. This leads to high resource consumption and prolonged processing times, ultimate...

7.5 CVSS | 0.00025 EPSS
Exploits: 0 | References: 6
Vulnrichment
added 2026/04/02 12:44 p.m. | 0 views

CVE-2026-4634 Keycloak: keycloak: denial of service via excessive processing of openid connect scope parameters

A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect OIDC token endpoint. This leads to high resource consumption and prolonged processing times, ultimate...

7.5 CVSS | 5.8 AI score | 0.00025 EPSS
Exploits: 0 | References: 6
CVE
added 2026/04/02 9:0 a.m. | 12 views

CVE-2026-33617

CVE-2026-33617 concerns MB connect line mbCONNECT24, with vulnerability in the data24 endpoint allowing unauthenticated access to a configuration file containing database credentials. The impact is limited to confidentiality (LOW) and there is no endpoint described that uses the credentials. No e...

5.3 CVSS | 6 AI score | 0.00051 EPSS
Exploits: 0 | References: 2 | Affected Software: 2
CVE
added 2026/04/02 8:59 a.m. | 8 views

CVE-2026-33616

CVE-2026-33616 concerns mbCONNECT24’s mb24api endpoint, where an unauthenticated blind SQL injection is possible due to improper handling of SQL SELECT elements. The description notes total loss of confidentiality if exploited. The CVSS 3.1 base score is 7.5 (HIGH), with network access, no privi...

7.5 CVSS | 6.1 AI score | 0.00054 EPSS
Exploits: 0 | References: 2 | Affected Software: 2
CVE
added 2026/04/02 8:59 a.m. | 5 views

CVE-2026-33615

The CVE-2026-33615 entry concerns MB connect line mbCONNECT24 with an unauthenticated SQL injection in the setinfo endpoint. The issue arises from improper neutralization in a SQL UPDATE command, enabling an attacker with network access (no auth, no user interaction) to compromise integrity and a...

9.1 CVSS | 6.1 AI score | 0.00037 EPSS
Exploits: 0 | References: 2 | Affected Software: 2
CVE
added 2026/04/02 8:59 a.m. | 7 views

CVE-2026-33614

CVE-2026-33614 concerns MB connect line mbCONNECT24, where an unauthenticated SQL injection is possible in the getinfo endpoint. The vulnerability arises from improper neutralization of special elements in a SQL SELECT command, leading to potential total loss of confidentiality (CVSS v3.1 base sc...

7.5 CVSS | 6.1 AI score | 0.00054 EPSS
Exploits: 0 | References: 2 | Affected Software: 2
Positive Technologies
added 2026/04/02 12:0 a.m. | 3 views

PT-2026-29731

A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect OIDC token endpoint. This leads to high resource consumption and prolonged processing times, ultimate...

7.5 CVSS | 5.9 AI score | 0.00025 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/04/02 12:0 a.m. | 6 views

MB Connect Line mbCONNECT24 SQL injection vulnerability

MB Connect Line mbCONNECT24 is a remote service portal developed by the German company MB Connect Line. This product supports features such as remote access, data recording, and alarm notifications. MB Connect Line mbCONNECT24 has a SQL injection vulnerability, which stems from improper handling ...

9.1 CVSS | 5.9 AI score | 0.00037 EPSS
Exploits: 0 | References: 2
CNNVD
added 2026/04/02 12:0 a.m. | 3 views

Keycloak security vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability that stems from sending a specially crafted POST request with an excessively long scope parameter to the OIDC token endpoint. This can lead to excessive resource...

7.5 CVSS | 5.8 AI score | 0.00025 EPSS
Exploits: 0 | References: 6
Positive Technologies
added 2026/04/02 12:0 a.m. | 1 view

PT-2026-29798

Summary SignalK Server contains a code-level vulnerability in its OIDC login and logout handlers where the unvalidated HTTP Host header is used to construct the OAuth2 redirect uri. Because the redirectUri configuration is silently unset by default, an attacker can spoof the Host header to steal OAut...

6.1 CVSS | 6 AI score | 0.00026 EPSS
Exploits: 1 | References: 5
CNVD
added 2026/04/02 12:0 a.m. | 4 views

OpenBao Authorization Issues Vulnerability

OpenBao is open-source sensitive data management software from OpenBao. OpenBao has an authorization vulnerability that stems from the user not being prompted to confirm during JWT/OIDC login when the role's callbackmode is set to direct; an attacker can use this vulnerability lead...

9.6 CVSS | 6.4 AI score | 0.0004 EPSS
Exploits: 0
CNNVD
added 2026/04/02 12:0 a.m. | 5 views

MB Connect Line mbCONNECT24 SQL injection vulnerability

MB Connect Line mbCONNECT24 is a remote service portal developed by the German company MB Connect Line. This product supports functions such as remote access, data recording, and alarm notifications. MB Connect Line mbCONNECT24 has a SQL injection vulnerability, which stems from improper handling...

7.5 CVSS | 5.9 AI score | 0.00054 EPSS
Exploits: 0 | References: 2
CNNVD
added 2026/04/02 12:0 a.m. | 6 views

MB Connect Line mbCONNECT24 SQL injection vulnerability

MB Connect Line mbCONNECT24 is a remote service portal developed by the German company MB Connect Line. This product supports functions such as remote access, data recording, and alarm notifications. MB Connect Line mbCONNECT24 has a SQL injection vulnerability, which stems from improper handling...

7.5 CVSS | 5.9 AI score | 0.00054 EPSS
Exploits: 0 | References: 2
CNNVD
added 2026/04/02 12:0 a.m. | 4 views

MB Connect Line mbCONNECT24 security vulnerability

MB Connect Line mbCONNECT24 is a remote service portal developed by the German company MB Connect Line. This product supports features such as remote access, data recording, and alarm notifications. There is a security vulnerability in MB Connect Line mbCONNECT24; this vulnerability stems from th...

5.3 CVSS | 5.8 AI score | 0.00051 EPSS
Exploits: 0 | References: 2
vulnersOsv
added 2026/04/01 10:13 p.m. | 7 views

3box-orbitdb-plugins (>=2.0.0 <=2.1.2), 3id-connect (>=0.1.0 <=1.0.0-beta.15) +2289 more potentially affected by unknown CVE via @stablelib/ed25519 (>=0.7.2 <=1.0.3)

@stablelib/ed25519 NPM version =0.7.2, =2.0.0, =0.1.0, =1.0.0-alpha.6, =0.1.0, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.0.1, =1.0.21, =1.0.42, =0.0.1, =0.1.0, =1.0.0, =1.10.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-X3FF-W252-2G7J...

5.5 AI score
Exploits: 0
NVD
added 2026/04/01 8:16 a.m. | 2 views

CVE-2026-27101

Dell Secure Connect Gateway SCG 5.0 Appliance and Application versions 5.28.00.xx to 5.32.00.xx, contains an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability. A high privileged attacker within the management network could potentially exploit this...

7.2 CVSS | 0.00359 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/04/01 7:27 a.m. | 24 views

CVE-2026-27101

Dell Secure Connect Gateway SCG 5.0 Appliance and Application versions 5.28.00.xx to 5.32.00.xx, contains an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability. A high privileged attacker within the management network could potentially exploit this...

4.7 CVSS | 0.00359 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/04/01 7:27 a.m. | 2 views

CVE-2026-27101

Dell Secure Connect Gateway SCG 5.0 Appliance and Application versions 5.28.00.xx to 5.32.00.xx, contains an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability. A high privileged attacker within the management network could potentially exploit this...

4.7 CVSS | 5.9 AI score | 0.00359 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2026/04/01 7:27 a.m. | 0 views

CVE-2026-27101

Dell Secure Connect Gateway SCG 5.0 Appliance and Application versions 5.28.00.xx to 5.32.00.xx, contains an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability. A high privileged attacker within the management network could potentially exploit this...

4.7 CVSS | 5.9 AI score | 0.00359 EPSS
Exploits: 0 | References: 1