Lucene search
K

29 matches found

RedHat Linux
RedHat Linux
added 2026/06/25 5:40 p.m.7 views

Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.13 Images Security Update

New images are available for Red Hat build of Keycloak 26.4.13 and Red Hat build of Keycloak 26.4.13 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Ha...

8.8CVSS5.9AI score0.00519EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/06/10 5:38 p.m.14 views

keycloak: org.keycloak.protocol.oidc.grants.ciba: Keycloak: Information disclosure via CORS header injection due to unvalidated JWT azp claim

A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing CORS header injection vulnerability in Keycloak's User-Managed Access UMA token endpoint. This flaw occurs because the azp claim from a client-supplied JSON Web Token JWT is used to set the...

5.3CVSS5.5AI score0.00253EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/27 9:38 p.m.10 views

CVE-2026-9739

Vulnerable to DNS rebinding attacks when using SSE http://b/499408790. During the beta phase, we implemented allowed-origins and allowed-hosts flags to align with MCP security guidelines. However, the hardcoded Access-Control-Allow-Origin: header in the SSE initialization handler was inadvertentl...

9.4CVSS5.8AI score0.00279EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/06 9:31 a.m.5 views

Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim

A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing CORS header injection vulnerability in Keycloak's User-Managed Access UMA token endpoint. This flaw occurs because the azp claim from a client-supplied JSON Web Token JWT is used to set the...

5.3CVSS5.9AI score0.00253EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/06 8:38 a.m.1 views

CVE-2026-37977 Keycloak: org.keycloak.protocol.oidc.grants.ciba: keycloak: information disclosure via cors header injection due to unvalidated jwt azp claim

A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing CORS header injection vulnerability in Keycloak's User-Managed Access UMA token endpoint. This flaw occurs because the azp claim from a client-supplied JSON Web Token JWT is used to set the...

3.7CVSS5.9AI score0.00253EPSS
Exploits0References6
Snyk
Snyk
added 2026/04/06 8:34 a.m.4 views

Origin Validation Error

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Origin Validation Error in the UMA token endpoint when the azp claim from a client-supplied JWT is used to se...

6.3CVSS5.4AI score0.00253EPSS
Exploits0References2
OSV
OSV
added 2026/04/02 2:56 p.m.1 views

CVE-2026-33533 Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an...

7.1CVSS5.9AI score0.00409EPSS
Exploits1References5
OSV
OSV
added 2026/03/20 9:5 a.m.4 views

BIT-CEPH-2020-10753

A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the...

6.5CVSS6.8AI score0.01619EPSS
Exploits0References8
OSV
OSV
added 2025/08/20 5:36 a.m.12 views

USN-7706-1 ceph vulnerabilities

It was discovered that Ceph incorrectly handled read-only permissions. An authenticated attacker could use this issue to obtain dm-crypt encryption keys. This issue only affected Ubuntu 14.04 LTS. CVE-2018-14662 Sergey Bobrov discovered that Ceph’s RadosGW Ceph Object Gateway allowed the injectio...

6.5CVSS7.3AI score0.01612EPSS
Exploits0References3
OSV
OSV
added 2025/02/10 5:48 p.m.49 views

GHSA-67MH-4WV8-2F99 esbuild enables any website to send any requests to the development server and read the response

Summary esbuild allows any websites to send any request to the development server and read the response due to default CORS settings. Details esbuild sets Access-Control-Allow-Origin: header to all requests, including the SSE connection, which allows any websites to send any request to the...

5.3CVSS6.8AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/01/30 3:47 a.m.3 views

SUSE CVE-2025-23047

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An insecure default Access-Control-Allow-Origin header value could lead to sensitive data exposure for users of Cilium versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4 who...

6.5CVSS6.5AI score0.00481EPSS
Exploits0References3
OSV
OSV
added 2025/01/28 3:1 p.m.15 views

GO-2025-3416 Cilium has an information leakage via insecure default Hubble UI CORS header in github.com/cilium/cilium

Cilium has an information leakage via insecure default Hubble UI CORS header in github.com/cilium/cilium...

6.5CVSS6.4AI score0.00481EPSS
Exploits0References3
NVD
NVD
added 2025/01/22 6:15 p.m.43 views

CVE-2025-23047

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An insecure default Access-Control-Allow-Origin header value could lead to sensitive data exposure for users of Cilium versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4 who...

6.5CVSS0.00481EPSS
Exploits0References2
OSV
OSV
added 2025/01/22 6:9 p.m.11 views

GHSA-H78M-J95M-5356 Cilium has an information leakage via insecure default Hubble UI CORS header

Impact For users who deploy Hubble UI using either Cilium CLI or via the Cilium Helm chart, an insecure default Access-Control-Allow-Origin header value could lead to sensitive data exposure. A user with access to a Hubble UI instance affected by this issue could leak configuration details about...

6.5CVSS6.3AI score0.00481EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/01/22 6:9 p.m.12 views

Cilium has an information leakage via insecure default Hubble UI CORS header

Impact For users who deploy Hubble UI using either Cilium CLI or via the Cilium Helm chart, an insecure default Access-Control-Allow-Origin header value could lead to sensitive data exposure. A user with access to a Hubble UI instance affected by this issue could leak configuration details about...

6.5CVSS6.4AI score0.00481EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/22 5:20 p.m.9 views

CVE-2025-23047 Cilium vulnerable to information leakage via insecure default Hubble UI CORS header

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An insecure default Access-Control-Allow-Origin header value could lead to sensitive data exposure for users of Cilium versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4 who...

6.5CVSS6.4AI score0.00481EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/22 5:20 p.m.20 views

CVE-2025-23047 Cilium vulnerable to information leakage via insecure default Hubble UI CORS header

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An insecure default Access-Control-Allow-Origin header value could lead to sensitive data exposure for users of Cilium versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4 who...

6.5CVSS0.00481EPSS
Exploits0References2
CVE
CVE
added 2025/01/22 5:20 p.m.303 views

CVE-2025-23047

CVE-2025-23047 affects Cilium with Hubble UI when deployed; insecure default Access-Control-Allow-Origin header can expose cluster configuration. Affected: 1.14.0–1.14.7, 1.15.0–1.15.11, 1.16.0–1.16.4. Exploit requires visiting a malicious page; could reveal Kubernetes cluster details (node names...

6.5CVSS6.2AI score0.00481EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/22 12:0 a.m.8 views

PT-2025-4791 · Cilium +1 · Cilium +1

Name of the Vulnerable Software and Affected Versions: Cilium versions 1.14.0 through 1.14.7 Cilium versions 1.15.0 through 1.15.11 Cilium versions 1.16.0 through 1.16.4 Description: Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An insecure default...

8.9CVSS6.5AI score0.0104EPSS
Exploits2References92
PyPA
PyPA
added 2024/08/18 7:15 p.m.10 views

PYSEC-2024-260

Withdrawn as duplicate of PYSEC-2024-71. A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant...

7.5CVSS6.7AI score0.00677EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder