Lucene search
K

48 matches found

NVD
NVD
added 5 days ago8 views

CVE-2026-14615

A flaw was found in the Fine-Grained Admin Permissions FGAP v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a...

4.3CVSS0.00172EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-41557

A flaw was found in the Fine-Grained Admin Permissions FGAP v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a...

4.3CVSS5.9AI score0.00172EPSS
Exploits0References2
CVE
CVE
added 5 days ago21 views

CVE-2026-14615

Keycloak FGAP v2 implementation flaw exposes child group details via the parent-group children endpoint when FGAP v2 is enabled. The issue occurs because the system does not properly filter child groups by the caller’s per-child permissions, allowing a delegated administrator to view child group ...

4.3CVSS5.9AI score0.00172EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 5 days ago8 views

CVE-2026-14615

A flaw was found in the Fine-Grained Admin Permissions FGAP v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a...

4.3CVSS5.9AI score0.00172EPSS
Exploits0References3
CVE
CVE
added 5 days ago20 views

CVE-2026-14614

The CVE-2026-14614 entry concerns Keycloak’s admin services, specifically the ClientResource component under FGAP v2. It describes a bypass where a delegated administrator can attach or remove hidden client scopes beyond their visibility/permission, potentially injecting unauthorized data or perm...

5.4CVSS5.9AI score0.00146EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-14614

A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...

5.4CVSS5.9AI score0.00146EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-14614 Keycloak-services: keycloak-services: fgap v2 client scope assignment bypass via clientresource

A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...

5.4CVSS0.00146EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 5 days ago8 views

CVE-2026-14614

A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...

5.4CVSS5.9AI score0.00146EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.11 views

EUVD-2026-40454

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUPEDIT administrators to grant arbitrary rights to groups without verifying they hold those rights themselves. A delegated administrator can exploit this by assigning high-valu...

8.8CVSS5.8AI score0.00325EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Samba

A vulnerability was discovered in Samba. A delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object’s creation. This issue arises because the administrator...

7.5CVSS6.7AI score0.00484EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 8:16 p.m.10 views

CVE-2026-10741

Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegated repository administrator to disclose stored upstream proxy credentials...

5.9CVSS0.0026EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50525

Name of the Vulnerable Software and Affected Versions Sonatype Nexus Repository Manager versions prior to 3.93.0 Description An authorization bypass exists in the proxy repository configuration. This issue allows a delegated repository administrator to disclose stored upstream proxy credentials...

5.9CVSS5.2AI score0.0026EPSS
Exploits0References4
NVD
NVD
added 2026/06/11 6:16 p.m.12 views

CVE-2026-11986

A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a delegated administrato...

4.9CVSS0.00201EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 4:47 p.m.8 views

EUVD-2026-36267

A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a delegated administrato...

4.9CVSS5.4AI score0.00201EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/10 5:38 p.m.11 views

keycloak: Keycloak: Information disclosure due to user profile permission bypass

A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied,...

2.7CVSS5.3AI score0.00348EPSS
Exploits0References4
NVD
NVD
added 2026/06/05 8:16 a.m.14 views

CVE-2026-9088

A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied,...

2.7CVSS0.00348EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/05 7:52 a.m.9 views

CVE-2026-9088 Keycloak: keycloak: information disclosure due to user profile permission bypass

A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied,...

2.7CVSS5.4AI score0.00348EPSS
Exploits0References6
OSV
OSV
added 2026/02/05 4:15 p.m.6 views

CVE-2025-68721

Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint page=sslcerts. This allows the...

8.1CVSS5.8AI score0.0031EPSS
Exploits0References3
NVD
NVD
added 2026/02/05 4:15 p.m.9 views

CVE-2025-68721

Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint page=sslcerts. This allows the...

8.1CVSS0.0031EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/05 12:0 a.m.29 views

CVE-2025-68721

Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint page=sslcerts. This allows the...

0.0031EPSS
Exploits0References2
Rows per page
Query Builder