Lucene search
+L

6 matches found

RedHat Linux
RedHat Linux
added 2025/11/13 5:51 p.m.2 views

org.keycloak.protocol.oidc.endpoints.LogoutEndpoint: Offline Session takeover due to reused Authentication Session ID

A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...

6CVSS5.7AI score0.00128EPSS
Exploits0References5
NVD
NVD
added 2025/10/28 2:15 p.m.10 views

CVE-2025-12390

A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...

6CVSS0.00128EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/10/28 1:23 p.m.6 views

CVE-2025-12390

A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...

6CVSS6AI score0.00128EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.3 views

Malicious code in h1-cli-device-browser (npm)

The package h1-cli-device-browser was found to contain malicious code...

7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2025/08/14 6:52 p.m.10 views

h1-cli-device-browser (>=1.0.1-alpha.0 <=1.0.1-alpha.1), h1-cli-device-node (>=1.0.1-alpha.0 <=1.0.1-alpha.1) potentially affected by unknown CVE via h1-cli-ext-root-openapi-generator (=1.0.1-alpha.1)

h1-cli-ext-root-openapi-generator NPM version =1.0.1-alpha.1 is affected by a known vulnerability. The following packages have a transitive dependency on h1-cli-ext-root-openapi-generator and may be impacted: - h1-cli-device-browser =1.0.1-alpha.0, =1.0.1-alpha.0, =1.0.1-alpha.1 Source cves:...

5.8AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-22077 Malicious code in h1-cli-device-browser (npm)

The package h1-cli-device-browser was found to contain malicious code...

7.2AI score
Exploits0
Rows per page
Query Builder