12 matches found

EUVD
added 2 days ago, 5 views

EUVD-2026-40299

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an administrator who should only be able to search for users but not view their full details can use a...

CVSS 4.3, AI score 5.7, EPSS 0.00182
Exploits: 0, References: 2
RedHat Linux
added last week, 7 views

keycloak: Group-Admin Escalation to Realm-Admin

A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 (FGAPv2) is enabled, an attacker wi...

CVSS 7.7, AI score 5.8, EPSS 0.00275
Exploits: 0, References: 4
ATTACKERKB
added last week, 6 views

CVE-2026-9099

A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 (FGAPv2) is enabled, an attacker wi...

CVSS 7.7, AI score 5.8, EPSS 0.00275
Exploits: 0, References: 7
Vulnrichment
added last week, 7 views

CVE-2026-9099 Keycloak: group-admin escalation to realm-admin

A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 (FGAPv2) is enabled, an attacker wi...

CVSS 7.7, AI score 5.8, EPSS 0.00275
Exploits: 0, References: 6
ATTACKERKB
added 2026/06/08 11:44 a.m., 6 views

CVE-2026-11577

A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in the POST /admin/realms/realm/partialImport endpoint. This allows them to bypass Fine-Grained Admin Permissions (FGAP) and escalate their privileges to a full realm administrator by importin...

CVSS 7.2, AI score 5.5, EPSS 0.00329
Exploits: 0, References: 4
RedhatCVE
added 2026/06/08 11:44 a.m., 10 views

CVE-2026-11577

A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in the POST /admin/realms/realm/partialImport endpoint. This allows them to bypass Fine-Grained Admin Permissions (FGAP) and escalate their privileges to a full realm administrator by importin...

CVSS 7.2, AI score 5.1, EPSS 0.00329
Exploits: 0, References: 4
CNNVD
added 2024/10/14 12:0 a.m., 4 views

SpiceDB Security Vulnerability

SpiceDB is a fine-grained permissions database from the Authzed team. SpiceDB has a security vulnerability that stems from the ability to grant inappropriate permissions to clients under certain circumstances...

CVSS 2.4, AI score 7.8, EPSS 0.00307
Exploits: 0, References: 4
Schneier on Security
added 2024/07/25 11:5 a.m., 10 views

Data Wallets Using the Solid Protocol

I am the Chief of Security Architecture at Inrupt, Inc., the company that is commercializing Tim Berners-Lee's Solid open W3C standard for distributed data ownership. This week, we announced a digital wallet based on the Solid architecture. Details are here, but basically a digital wallet is a...

AI score 7.2
Exploits: 0
CNNVD
added 2023/06/26 12:0 a.m., 5 views

SpiceDB Security Vulnerability

SpiceDB is a fine-grained permissions database inspired by Google Zanzibar. A security vulnerability exists in SpiceDB version 1.22.0 that stems from incorrect access control...

CVSS 5.3, AI score 5.6, EPSS 0.00448
Exploits: 0, References: 3
CNNVD
added 2023/04/14 12:0 a.m., 10 views

SpiceDB Security Vulnerability

SpiceDB is a fine-grained permissions database inspired by Google Zanzibar. A security vulnerability exists in SpiceDB versions prior to 1.19.1. An attacker exploited the vulnerability to obtain sensitive data...

CVSS 8.7, AI score 7.6, EPSS 0.00762
Exploits: 0, References: 4
CVE
added 2022/08/01 4:20 p.m., 641 views

CVE-2022-31128

Tuleap CVE-2022-31128 affects Tuleap Community Edition prior to 13.10.99.82 and Tuleap Enterprise Edition prior to 13.10-3. The issue arises from improper verification of fine-grained permissions when creating Git branches via the REST API (POST git/:id/branches); users could create branches rega...

CVSS 5.4, AI score 5.4, EPSS 0.00497
Exploits: 0, References: 4, Affected Software: 1
Fedora
added 2016/09/21 8:25 p.m., 16 views

[SECURITY] Fedora 23 Update: drupal7-panels-3.7-1.fc23

The Panels module allows a site administrator to create customized layouts for multiple uses. At its core it is a drag and drop content manager that lets you visually design a layout and place content within that layout. Integration with other systems allows you to create nodes that use this,...

AI score 1.7
Exploits: 0