Lucene search
+L

365 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-4271

Malware in sbrugna...

6.1CVSS6.3AI score0.00692EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-10329

Malware in sbrugna...

7.5CVSS6.6AI score0.00603EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.11 views

EUVD-2017-6872

Malware in sbrugna...

6.5CVSS7.9AI score0.0154EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-17836

Malware in sbrugna...

6.1CVSS6.1AI score0.012EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2022-43746

Malicious code in bioql PyPI...

7.5CVSS5.7AI score0.01413EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-53466

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.03164EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-37427

Malicious code in bioql PyPI...

4.3CVSS7.3AI score0.0058EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-31723

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.004EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2025-25269

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00266EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/09/22 3:36 p.m.2 views

keycloak: Keycloak error_description injection on error pages

A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...

4.3CVSS5.8AI score0.00291EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/09/05 9:32 p.m.10 views

Duplicate Advisory: Keycloak error_description injection on error pages that can trigger phishing attacks

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-27gc-wj6x-9w55. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescriptio...

4.3CVSS6.7AI score0.00291EPSS
Exploits0References9Affected Software2
OSV
OSV
added 2025/09/05 9:32 p.m.4 views

GHSA-XMCW-MV9P-7PQ2 Duplicate Advisory: Keycloak error_description injection on error pages that can trigger phishing attacks

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-27gc-wj6x-9w55. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescriptio...

4.3CVSS5.8AI score0.00291EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/09/05 7:59 p.m.4 views

CVE-2025-10044 Keycloak: keycloak error_description injection on error pages

A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...

4.3CVSS6.1AI score0.00291EPSS
Exploits0References7
CVE
CVE
added 2025/09/05 7:59 p.m.28 views

CVE-2025-10044

CVE-2025-10044 affects Keycloak: error_description injection on error pages allows arbitrary text to be rendered in the UI, enabling phishing-like messages (e.g., fake support numbers/URLs) without XSS. The issue is mitigated by HTML encoding but still enables deceptive content within the trusted...

4.3CVSS6.1AI score0.00291EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/09/05 7:59 p.m.10 views

CVE-2025-10044 Keycloak: keycloak error_description injection on error pages

A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...

4.3CVSS0.00291EPSS
Exploits0References7
Snyk
Snyk
added 2025/09/05 12:0 a.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the errordescription query parameter, which is rendered directly on error pages without validation or sanitization. An attacker can display misleading messages within the trusted user interface by crafting...

5.1CVSS3.6AI score0.00291EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/05 12:0 a.m.3 views

PT-2025-36327

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak where the account console and other pages accept arbitrary text in the error description query parameter. This text is directly rendered in error pages without...

4.3CVSS3.8AI score0.00291EPSS
Exploits0References26
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-40468

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier us...

7.5CVSS6.8AI score0.01413EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/08/22 9:32 a.m.14 views

CVE-2025-9229

Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages...

5.3CVSS7.1AI score0.00266EPSS
Exploits0References1
NVD
NVD
added 2025/08/20 9:15 a.m.10 views

CVE-2025-9229

Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages...

5.3CVSS0.00266EPSS
Exploits0References2
Rows per page
Query Builder