22 matches found
PT-2026-26752
Name of the Vulnerable Software and Affected Versions: Vikunja versions prior to 2.1.0. Description: The CalDAV endpoint allows login using Basic Authentication, which bypasses the TOTP for accounts with 2FA enabled. This allows access to project information normally protected by 2FA, such as projec...
EUVD-2023-0552
Malicious code in bioql PyPI...
CVE-2025-26788
StrongKey FIDO Server before 4.15.1 treats a non-discoverable namedcredential flow as a discoverable transaction...
Insecure Token Validation
keycloak-services is vulnerable to Insecure Token validation. The vulnerability exists because the verifyToken function in ClientRegistrationTokenUtils.java does not properly validate the client tokens for possible revocations in its client credential flow, allowing an attacker to access or modif...
CVE-2023-0091
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information...
Apache Pulsar Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack
The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth 2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man-in-the-middle attack and intercept and/or...
GHSA-5R3H-C3R7-9W4H Apache Pulsar Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack
The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth 2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man-in-the-middle attack and intercept and/or...
CVE-2022-33684
The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth 2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a man-in-the-middle attack and intercept and/or...
PT-2022-5873 · Apache · Apache Pulsar C++ Client +1
Name of the Vulnerable Software and Affected Versions: Apache Pulsar C++ Client versions 2.7.0 through 2.7.4; Apache Pulsar C++ Client versions 2.8.0 through 2.8.3; Apache Pulsar C++ Client versions 2.9.0 through 2.9.2; Apache Pulsar C++ Client versions 2.10.0 through 2.10.1; Apache Pulsar C++ Client...
keycloak: security issue on reset credential flow
A flaw was found in the reset credential flow in Keycloak. This flaw allows an attacker to gain unauthorized access to the application...
Authorization Bypass
keycloak is vulnerable to authorization bypass. The vulnerability exists through a security issue on reset credential flow...
CVE-2020-1718
A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application...