org.keycloak.protocol.oidc.grants: Disabled identity providers are still accepted for JWT Authorization Grant

A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider IdP is enabled before issuing tokens. The issuer lookup mechanism lookupIdentityProviderFromIssuer retrieves the IdP configuration but does not filter...

Apache Superset 安全漏洞

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an authorization issue vulnerability that stems from improper authorization settings that can be exploited by an attacker to use this API when FABADDSECURITYAPI is...