Lucene search
K

8 matches found

CVE
CVE
added 2026/04/22 8:31 p.m.21 views

CVE-2026-41166

Summary of CVE-2026-41166 : OpenRemote prior to v1.22.1 allows a user with the OpenRemote Keycloak realm role write:admin in one realm to call the Manager API and update realm roles for users in a different realm, including the master realm. The underlying issue is that the handler uses the {real...

7CVSS5.7AI score0.00285EPSS
Exploits1References2Affected Software1
Microsoft CVE
Microsoft CVE
added 2025/09/03 10:0 p.m.6 views

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.

...

9.8CVSS7AI score0.01421EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/03/21 3:13 a.m.4 views

SUSE CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...

8.4CVSS9.4AI score0.01421EPSS
Exploits0References3
OSV
OSV
added 2023/03/13 1:15 a.m.2 views

DEBIAN-CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...

9.8CVSS8.2AI score0.01421EPSS
Exploits0References1
OSV
OSV
added 2023/03/13 1:15 a.m.5 views

UBUNTU-CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...

9.8CVSS7.2AI score0.01421EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/03/13 12:0 a.m.5 views

PT-2023-21600 · Webpack +3 · Webpack +3

Name of the Vulnerable Software and Affected Versions: Webpack versions prior to 5.76.0 Description: The issue concerns cross-realm object access. Specifically, the ImportParserPlugin.js mishandles the magic comment feature, allowing an attacker who controls a property of an untrusted object to...

9.8CVSS6.5AI score0.0183EPSS
Exploits0References40
RedHat Linux
RedHat Linux
added 2020/06/04 1:6 p.m.13 views

keycloak: cross-realm user access auth bypass

A flaw was found in the Keycloak REST API where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks...

7.5CVSS5.8AI score0.0054EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/05/18 10:24 a.m.4 views

keycloak: cross-realm user access auth bypass

A flaw was found in the Keycloak REST API where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks...

7.5CVSS5.8AI score0.0054EPSS
Exploits0References4
Rows per page
Query Builder