19 matches found

EUVD
added 2026/03/11 6:31 a.m. | 3 views

EUVD-2026-11107

A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized...

CVSS 2.7 | AI score 5.7 | EPSS 0.00332
Exploits 0 | References 3
Cvelist
added 2026/03/11 5:36 a.m. | 24 views

CVE-2026-3911 Org.keycloak.services.resources.admin.userresource: keycloak: information disclosure of disabled user attributes via administrative endpoint

A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized...

CVSS 2.7 | EPSS 0.00332
Exploits 0 | References 4
CVE
added 2026/03/11 5:36 a.m. | 22 views

CVE-2026-3911

CVE-2026-3911 describes an information-disclosure flaw in Keycloak. An authenticated user with the view-users role can access a specific administrative endpoint in the UserResource component and retrieve user attributes configured as hidden, exposing sensitive data. The published CVSS v3.1 score ...

CVSS 2.7 | AI score 5.7 | EPSS 0.00332
Exploits 0 | References 4 | Affected Software 1
CNNVD
added 2026/03/11 12:0 a.m. | 3 views

Keycloak security vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak, which stems from a flaw in the UserResource component. This vulnerability could allow authenticated users with the view-users role to improperly retrieve user...

CVSS 2.7 | AI score 5.8 | EPSS 0.00332
Exploits 0 | References 3
Positive Technologies
added 2026/03/11 12:0 a.m. | 5 views

PT-2026-24583

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: An issue exists in Keycloak where an authenticated user possessing the view-users role can access and retrieve user attributes intended to be hidden. This occurs through exploitation of a fl...

CVSS 2.7 | AI score 5.8 | EPSS 0.00332
Exploits 0 | References 13
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-6691

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 7.7 | EPSS 0.01285
Exploits 2 | References 7
EUVD
added 2025/10/03 8:7 p.m. | 53 views

EUVD-2022-6811

Malicious code in bioql PyPI...

CVSS 3.7 | AI score 4.8 | EPSS 0.00455
Exploits 0 | References 5
Github Security Blog
added 2022/09/28 12:0 a.m. | 40 views

Strapi mishandles hidden attributes within admin API responses

Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses...

CVSS 8.8 | AI score 8.4 | EPSS 0.01285
Exploits 2 | References 7 | Affected Software 2
OSV
added 2022/09/28 12:0 a.m. | 18 views

GHSA-4PHG-HPQM-C3J4 Strapi mishandles hidden attributes within admin API responses

Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses...

CVSS 8.8 | AI score 8.7 | EPSS 0.01285
Exploits 2 | References 7
NVD
added 2022/09/27 11:15 p.m. | 38 views

CVE-2022-31367

Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses...

CVSS 8.8 | EPSS 0.01285
Exploits 2 | References 3
Cvelist
added 2022/09/27 1:2 p.m. | 40 views

CVE-2022-31367

Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attributes within admin API responses...

AI score 9 | EPSS 0.01285
Exploits 2 | References 3
Positive Technologies
added 2022/09/27 12:0 a.m. | 2 views

PT-2022-20719 · Strapi · Strapi

Name of the Vulnerable Software and Affected Versions: Strapi versions 3.x through 3.6.9 Strapi versions 4.x through 4.1.9 Description: The issue concerns the mishandling of hidden attributes within admin API responses. Recommendations: For Strapi versions 3.x through 3.6.9, update to version...

CVSS 8.8 | AI score 8.6 | EPSS 0.01285
Exploits 2 | References 11
CNNVD
added 2022/09/27 12:0 a.m. | 2 views

Strapi SQL injection vulnerability

Strapi is an open source content management system (CMS). Versions of Strapi prior to 3.6.10 and 4.0.0 and later, and prior to 4.1.10, contain a SQL injection vulnerability that stems from its incorrect handling of hidden attributes in admin API responses. An attacker could exploit the vulnerabilit...

CVSS 8.8 | AI score 7.8 | EPSS 0.01285
Exploits 2 | References 4
OSV
added 2022/09/22 12:0 a.m. | 3 views

GHSA-FV7X-V67W-CVQV Spring Data REST can expose hidden entity attributes

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.6.6, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes...

CVSS 3.7 | AI score 5.9 | EPSS 0.00455
Exploits 0 | References 5
OSV
added 2022/09/21 6:15 p.m. | 4 views

CVE-2022-31679

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes...

CVSS 3.7 | AI score 7.3 | EPSS 0.00455
Exploits 0 | References 1
NVD
added 2022/09/21 6:15 p.m. | 23 views

CVE-2022-31679

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes...

CVSS 3.7 | EPSS 0.00455
Exploits 0 | References 1
Cvelist
added 2022/09/21 5:42 p.m. | 49 views

CVE-2022-31679

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes...

AI score 4.5 | EPSS 0.00455
Exploits 0 | References 1
CNNVD
added 2022/09/21 12:0 a.m. | 26 views

VMware Spring Data REST security vulnerability

VMware Spring Data REST is a data interface from VMware, Inc. It is used to build on top of the Spring Data repository, analyze an application's domain model, and expose hypermedia-driven HTTP resources for aggregations contained in the model. A security vulnerability exists in VMware Spring Data...

CVSS 3.7 | AI score 6 | EPSS 0.00455
Exploits 0 | References 2
Kitploit
added 2018/06/21 10:23 p.m. | 88 views

LNK-Kisser - PowerShell Link Payload Generator

Making FUD Shortcut .lnk payloads with LNK-KISSER to remote execute malicious code. Shortcut-Payload-Generator Exploiting Powershell to make ShortCut Payloads fud. There is too much of awesome tricks there, u can make it better ^^. For Ex: Killing tcpview, taskmanager, etc. while downloading. S...

AI score 7.6
Exploits 0 | References 1