Lucene search
+L

19241 matches found

OSV
OSV
added 2026/07/06 9:41 p.m.5 views

CVE-2026-43925 FOSSBilling: Mass assignment of group_id in guest client registration allows unauthorized promo code use

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, an unauthenticated mass assignment vulnerability in the client self-registration endpoint allows any visitor to assign themselves to an arbitrary client group during sign-up. Because client groups can...

6.9CVSS6.1AI score0.00298EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/06 8:16 p.m.6 views

EUVD-2026-25018

id: groups= computed from real GID instead of effective GID...

4.4CVSS5.9AI score0.00108EPSS
Exploits1References3
NVD
NVD
added 2026/07/06 5:16 a.m.8 views

CVE-2026-14794

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...

5.3CVSS0.00222EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/06 4:52 a.m.6 views

ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input

A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting XSS by providing untrusted input to the Address6 constructor. When an application renders the output of...

8.1CVSS6.9AI score0.00471EPSS
Exploits1References5
OSV
OSV
added 2026/07/06 3:45 a.m.4 views

CVE-2026-14794 Craft CMS Charts Endpoint ChartsController.php actionGetNewUsersData improper authorization

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/06 3:45 a.m.8 views

EUVD-2026-41805

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2026/07/04 12:47 p.m.17 views

U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case

A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail the payment left. The odd part: the group that took the money calls itself Kairos ,...

5.7AI score
Exploits0
NVD
NVD
added 2026/07/03 4:16 p.m.8 views

CVE-2026-14615

A flaw was found in the Fine-Grained Admin Permissions FGAP v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a...

4.3CVSS0.00172EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 4:16 p.m.9 views

CVE-2026-14613

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions FGAP v2 are turned on, an administrator who is allowed to see a specific "role" can...

4.3CVSS0.00172EPSS
Exploits0References2
OSV
OSV
added 2026/07/03 4:16 p.m.4 views

UBUNTU-CVE-2026-14615

A flaw was found in the Fine-Grained Admin Permissions FGAP v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a...

4.3CVSS5.9AI score0.00172EPSS
Exploits0References4
OSV
OSV
added 2026/07/03 4:16 p.m.4 views

UBUNTU-CVE-2026-14613

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions FGAP v2 are turned on, an administrator who is allowed to see a specific "role" can...

4.3CVSS6AI score0.00172EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/07/03 3:47 p.m.7 views

CVE-2026-14615 Keycloak-services: keycloak: fgap v2 parent group children endpoint bypasses per-child view permission filter

A flaw was found in the Fine-Grained Admin Permissions FGAP v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a...

4.3CVSS5.9AI score0.00172EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/03 3:47 p.m.10 views

CVE-2026-14615

A flaw was found in the Fine-Grained Admin Permissions FGAP v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a...

4.3CVSS5.9AI score0.00172EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/03 3:47 p.m.9 views

EUVD-2026-41557

A flaw was found in the Fine-Grained Admin Permissions FGAP v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a...

4.3CVSS5.9AI score0.00172EPSS
Exploits0References2
CVE
CVE
added 2026/07/03 3:47 p.m.30 views

CVE-2026-14615

Keycloak FGAP v2 implementation flaw exposes child group details via the parent-group children endpoint when FGAP v2 is enabled. The issue occurs because the system does not properly filter child groups by the caller’s per-child permissions, allowing a delegated administrator to view child group ...

4.3CVSS5.9AI score0.00172EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/03 3:42 p.m.8 views

CVE-2026-14615

A flaw was found in the Fine-Grained Admin Permissions FGAP v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a...

4.3CVSS5.9AI score0.00172EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/03 3:16 p.m.46 views

CVE-2026-14613 Keycloak-services: keycloak-services: keycloak: fgap v2 role groups endpoint discloses hidden group metadata without group view permission

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions FGAP v2 are turned on, an administrator who is allowed to see a specific "role" can...

4.3CVSS0.00172EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/03 3:16 p.m.14 views

EUVD-2026-41555

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions FGAP v2 are turned on, an administrator who is allowed to see a specific "role" can...

4.3CVSS6AI score0.00172EPSS
Exploits0References2
CVE
CVE
added 2026/07/03 3:16 p.m.22 views

CVE-2026-14613

Technical details are not publicly available in the provided documents. Monitor for updates from Red Hat/NVD for affected Keycloak FGAP v2 integration and any patched versions.

4.3CVSS6AI score0.00172EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.12 views

PT-2026-55549

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description An issue in the administrative interface occurs when Fine-Grained Admin Permissions FGAP v2 are enabled. An administrator with permission to view a specific role can access a list of all...

4.3CVSS6.1AI score0.00172EPSS
Exploits0References6
Rows per page
Query Builder