Lucene search
K

1041 matches found

Positive Technologies
Positive Technologies
added 2025/12/23 12:0 a.m.6 views

PT-2025-52860

Name of the Vulnerable Software and Affected Versions continuwuity versions prior to 0.5.0 Description A remote, unauthenticated attacker can force the target server to cryptographically sign arbitrary membership events. This occurs because the server does not validate the origin of a signing...

9.9CVSS6.8AI score0.00527EPSS
Exploits0References12
OSV
OSV
added 2025/12/19 9:31 p.m.3 views

GHSA-4HX9-48XH-5MXR Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization

A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration. Mitigation Disable LDAP referrals in all LDAP user providers in all realms...

5.5CVSS6AI score0.00399EPSS
Exploits0References10
vulnersOsv
vulnersOsv
added 2025/12/19 9:31 p.m.4 views

com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11), com.github.vzakharchenko:cisco-radius-plugin (>=1.4.10 <=1.4.11) +41 more potentially affected by CVE-2025-13467 via org.keycloak:keycloak-ldap-federation (>=1.0-beta-4 <=26.2.1)

org.keycloak:keycloak-ldap-federation MAVEN version =1.0-beta-4, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =2.5.6-24.0, =0.1.0, =0.2, =6.19, =7.1 and more Source cves: CVE-2025-13467 Source advisory: OSV:GHSA-4HX9-48XH-5MXR...

5.5CVSS5.4AI score0.00399EPSS
Exploits0
EUVD
EUVD
added 2025/12/19 9:31 p.m.6 views

EUVD-2025-199598

Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization...

5.5CVSS6.2AI score0.00399EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2025/12/19 9:31 p.m.10 views

Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization

A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration. Mitigation Disable LDAP referrals in all LDAP user providers in all realms...

5.5CVSS6.5AI score0.00399EPSS
Exploits0References10Affected Software1
Veracode
Veracode
added 2025/12/13 4:36 a.m.7 views

Insecure Deserialization

org.keycloak, keycloak-ldap-federation is vulnerable to insecure deserialization. The vulnerability is due to improper handling of untrusted Java object deserialization in a malicious LDAP server configuration, which allows an authenticated realm administrator to trigger the execution of arbitrar...

5.5CVSS6.1AI score0.00399EPSS
Exploits0References11Affected Software1
vulnersOsv
vulnersOsv
added 2025/12/03 4:39 p.m.9 views

@amazeelabs/bridge-waku (>=1.1.0 <=2.0.1), @amazeelabs/executors (>=3.0.0 <=3.1.14) +19 more potentially affected by CVE-2025-55182 via react-server-dom-webpack (>=19.0.0-rc.0 <=19.0.0)

react-server-dom-webpack NPM version =19.0.0-rc.0, =1.1.0, =3.0.0, =1.1.0, =1.1.0, =0.9.1-next.19, =0.9.1-next.19, =0.9.1-next.19, =0.0.4, =0.0.0-next-20250108080920, =0.0.0-next-20250108080920, =0.0.0-next-20250219082408, =0.0.2, =8.0.0-canary.841, =8.0.0, =9.0.0-canary.142 and more Source cves:...

10CVSS7.2AI score0.99562EPSS
Exploits374
OSV
OSV
added 2025/11/25 6:32 p.m.3 views

GHSA-93VM-MQPW-8WH3 Duplicate Advisory: Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4hx9-48xh-5mxr. This link is maintained to preserve external references. Original Description A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm...

5.5CVSS5.9AI score0.00399EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2025/11/25 6:32 p.m.11 views

Duplicate Advisory: Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4hx9-48xh-5mxr. This link is maintained to preserve external references. Original Description A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm...

5.5CVSS6.3AI score0.00399EPSS
Exploits0References11Affected Software1
Snyk
Snyk
added 2025/11/25 4:41 p.m.6 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the URL references when following referrals. An attacker can manipulate application behavior by configuring a malicious LDAP server and triggering deserialization of untrusted Java objects as an...

5.5CVSS6.9AI score0.00399EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/11/25 4:6 p.m.17 views

Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.2.11 Security Update

New Red Hat build of Keycloak 26.2.11 packages are available from the Customer Portal Red Hat build of Keycloak 26.2.11 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security...

6CVSS6.5AI score0.00399EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/25 4:2 p.m.10 views

CVE-2025-13467 Org.keycloak.storage.ldap: keycloak: deserialization of untrusted data in ldap user federation

A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration...

5.5CVSS0.00399EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/11/25 4:2 p.m.9 views

CVE-2025-13467

A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration. Mitigation Mitigation for this issue is either not available or the...

5.5CVSS6AI score0.00399EPSS
Exploits0References5
OSV
OSV
added 2025/11/21 6:13 p.m.5 views

RLSA-2025:21462 Critical: lasso security update

The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages. Security Fixes: lasso: Type...

9.8CVSS6.8AI score0.00824EPSS
Exploits1References2
OSV
OSV
added 2025/11/17 12:0 a.m.6 views

ALSA-2025:21462 Critical: lasso security update

The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages. Security Fixes: lasso: Type...

9.8CVSS6.6AI score0.00824EPSS
Exploits1References4
AlmaLinux
AlmaLinux
added 2025/11/17 12:0 a.m.8 views

Critical: lasso security update

The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages. Security Fixes: lasso: Type...

9.8CVSS6.6AI score0.00824EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/11/17 12:0 a.m.2 views

RHEL 9 : lasso (RHSA-2025:21462)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21462 advisory. The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2...

9.8CVSS7.9AI score0.00824EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/11/15 12:47 a.m.11 views

CVE-2025-64530

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composition logic prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1 allowed some queries to Apollo Router to improperly bypass access controls on types/fields...

7.5CVSS6.8AI score0.00353EPSS
Exploits0References1
OSV
OSV
added 2025/11/14 9:49 p.m.3 views

GHSA-M8JR-FXQX-8XX6 Apollo Federation has Improper Enforcement of Access Control on Transitive Fields

Summary A vulnerability in Apollo Federation's composition logic did not enforce that fields depending on protected data through @requires and/or @fromContext directives have the same access control requirements as the fields they reference. This allowed queries to access protected fields...

7.5CVSS6.4AI score
Exploits0References6
EUVD
EUVD
added 2025/11/14 9:49 p.m.5 views

EUVD-2025-197661

Apollo Federation has Improper Enforcement of Access Control on Transitive Fields...

6.5AI score
Exploits0References6
Rows per page
Query Builder