34 matches found
CVE-2026-14615 Keycloak-services: keycloak: fgap v2 parent group children endpoint bypasses per-child view permission filter
A flaw was found in the Fine-Grained Admin Permissions FGAP v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a...
GHSA-2VG8-Q4C2-5CW3 OpenAM has LDAP Injection via `_queryId` Parameter
OpenAM Open Identity Platform is an open-source IAM platform providing SSO, OAuth2, SAML, and OpenID Connect capabilities. The CREST REST API layer exposes user query endpoints under /json/realm/users. In IdentityResourceV1.queryCollection, the HTTP query parameter queryId is passed to a CrestQue...
CVE-2026-9088
In Keycloak, a flaw in org.keycloak.services allows an administrator with delegated access to read group memberships and users to bypass user profile permissions by querying the group members endpoint. This enables viewing user attributes that are explicitly denied, causing information disclosure...
PT-2026-46909
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in org.keycloak.services allows an administrator with delegated access to read group memberships and users to bypass user profile permissions. By accessing the group members endpoint,...
PT-2026-43322
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An improper access check allows privilege escalation through the 'com users group editing webservice' endpoint. Recommendations At the moment, there is no...
D-Link DI-8003 Buffer Overflow Vulnerability (CNVD-2026-17643)
The D-Link DI-8003 is a wireless router from China-based AUO D-Link. The D-Link DI-8003 suffers from a buffer overflow vulnerability that originates from improper handling of the name parameter in the /urlgroup.asp endpoint, which can be exploited by an attacker to cause a denial of service...
CVE-2025-50664
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /usergroup.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr...
CVE-2025-50662
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /urlgroup.asp endpoint...
EUVD-2025-209347
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /urlgroup.asp endpoint...
EUVD-2025-209351
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /usergroup.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr...
CVE-2025-50664
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /usergroup.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr...
CVE-2025-50653
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name and mem parameters in the /timegroup.asp endpoint...
CVE-2025-50662
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /urlgroup.asp endpoint...
CVE-2025-50655
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /thdgroup.asp endpoint...
CVE-2025-50653
CVE-2025-50653 affects D-Link DI-8003 devices (firmware 16.07.26A1). A buffer overflow is triggered by improper handling of the name and mem parameters in the /time_group.asp endpoint. CNVD-2026-17635 and RH/CVEs describe a boundary/overflow condition leading to denial of service; NVD metrics ind...
CVE-2025-50664
The CVE-2025-50664 entry concerns a buffer overflow in D-Link DI-8003 (firmware 16.07.26A1) caused by improper handling of parameters in the /user_group.asp endpoint. An attacker can trigger it by sending a crafted HTTP GET with parameters name, mem, pri, and attr, potentially leading to denial o...
CVE-2025-50662
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /urlgroup.asp endpoint...
CVE-2025-50655
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /thdgroup.asp endpoint...
CVE-2025-50664
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /usergroup.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr...
PT-2026-31387
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /user group.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr...