Lucene search
+L

34 matches found

vulnrichment
vulnrichment
added 2026/07/03 3:47 p.m.7 views

CVE-2026-14615 Keycloak-services: keycloak: fgap v2 parent group children endpoint bypasses per-child view permission filter

A flaw was found in the Fine-Grained Admin Permissions FGAP v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a...

4.3CVSS5.9AI score0.00172EPSS
Exploits0References2
osv
osv
added 2026/06/22 7:59 p.m.7 views

GHSA-2VG8-Q4C2-5CW3 OpenAM has LDAP Injection via `_queryId` Parameter

OpenAM Open Identity Platform is an open-source IAM platform providing SSO, OAuth2, SAML, and OpenID Connect capabilities. The CREST REST API layer exposes user query endpoints under /json/realm/users. In IdentityResourceV1.queryCollection, the HTTP query parameter queryId is passed to a CrestQue...

8.7CVSS6AI score
Exploits0References4
cve
cve
added 2026/06/05 7:52 a.m.39 views

CVE-2026-9088

In Keycloak, a flaw in org.keycloak.services allows an administrator with delegated access to read group memberships and users to bypass user profile permissions by querying the group members endpoint. This enables viewing user attributes that are explicitly denied, causing information disclosure...

2.7CVSS5.4AI score0.00348EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/05 12:0 a.m.17 views

PT-2026-46909

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in org.keycloak.services allows an administrator with delegated access to read group memberships and users to bypass user profile permissions. By accessing the group members endpoint,...

2.7CVSS5.7AI score0.00348EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/05/26 12:0 a.m.13 views

PT-2026-43322

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An improper access check allows privilege escalation through the 'com users group editing webservice' endpoint. Recommendations At the moment, there is no...

9.8CVSS5.8AI score0.00292EPSS
Exploits0References4
cnvd
cnvd
added 2026/04/16 12:0 a.m.8 views

D-Link DI-8003 Buffer Overflow Vulnerability (CNVD-2026-17643)

The D-Link DI-8003 is a wireless router from China-based AUO D-Link. The D-Link DI-8003 suffers from a buffer overflow vulnerability that originates from improper handling of the name parameter in the /urlgroup.asp endpoint, which can be exploited by an attacker to cause a denial of service...

7.5CVSS6.1AI score0.00516EPSS
Exploits0
redhatcve
redhatcve
added 2026/04/10 7:22 p.m.8 views

CVE-2025-50664

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /usergroup.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr...

7.5CVSS6.1AI score0.00605EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/04/10 7:22 p.m.5 views

CVE-2025-50662

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /urlgroup.asp endpoint...

7.5CVSS6AI score0.00516EPSS
Exploits0References1
euvd
euvd
added 2026/04/08 9:33 p.m.7 views

EUVD-2025-209347

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /urlgroup.asp endpoint...

6.2AI score0.00516EPSS
Exploits0References3
euvd
euvd
added 2026/04/08 9:33 p.m.16 views

EUVD-2025-209351

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /usergroup.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr...

6.2AI score0.00605EPSS
Exploits0References3
nvd
nvd
added 2026/04/08 7:24 p.m.4 views

CVE-2025-50664

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /usergroup.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr...

7.5CVSS0.00605EPSS
Exploits0References3
nvd
nvd
added 2026/04/08 7:24 p.m.7 views

CVE-2025-50653

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name and mem parameters in the /timegroup.asp endpoint...

7.5CVSS0.00516EPSS
Exploits0References3
nvd
nvd
added 2026/04/08 7:24 p.m.7 views

CVE-2025-50662

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /urlgroup.asp endpoint...

7.5CVSS0.00516EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/04/08 12:0 a.m.4 views

CVE-2025-50655

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /thdgroup.asp endpoint...

6AI score0.00516EPSS
Exploits0References3
cve
cve
added 2026/04/08 12:0 a.m.17 views

CVE-2025-50653

CVE-2025-50653 affects D-Link DI-8003 devices (firmware 16.07.26A1). A buffer overflow is triggered by improper handling of the name and mem parameters in the /time_group.asp endpoint. CNVD-2026-17635 and RH/CVEs describe a boundary/overflow condition leading to denial of service; NVD metrics ind...

7.5CVSS6.2AI score0.00516EPSS
Exploits0References3Affected Software1
cve
cve
added 2026/04/08 12:0 a.m.13 views

CVE-2025-50664

The CVE-2025-50664 entry concerns a buffer overflow in D-Link DI-8003 (firmware 16.07.26A1) caused by improper handling of parameters in the /user_group.asp endpoint. An attacker can trigger it by sending a crafted HTTP GET with parameters name, mem, pri, and attr, potentially leading to denial o...

7.5CVSS6.2AI score0.00605EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2026/04/08 12:0 a.m.25 views

CVE-2025-50662

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /urlgroup.asp endpoint...

0.00516EPSS
Exploits0References3
cvelist
cvelist
added 2026/04/08 12:0 a.m.26 views

CVE-2025-50655

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /thdgroup.asp endpoint...

0.00516EPSS
Exploits0References3
cvelist
cvelist
added 2026/04/08 12:0 a.m.24 views

CVE-2025-50664

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /usergroup.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr...

0.00605EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/04/08 12:0 a.m.4 views

PT-2026-31387

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /user group.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr...

7.5CVSS6.2AI score0.00605EPSS
Exploits0References5
Rows per page
Query Builder