Lucene search
K

28 matches found

OSV
OSV
added 2026/07/03 4:16 p.m.3 views

UBUNTU-CVE-2026-14613

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions FGAP v2 are turned on, an administrator who is allowed to see a specific "role" can...

4.3CVSS6AI score0.00172EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/07/03 3:16 p.m.7 views

CVE-2026-14613 Keycloak-services: keycloak-services: keycloak: fgap v2 role groups endpoint discloses hidden group metadata without group view permission

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions FGAP v2 are turned on, an administrator who is allowed to see a specific "role" can...

4.3CVSS6AI score0.00172EPSS
Exploits0References2
CVE
CVE
added 2026/07/03 3:16 p.m.22 views

CVE-2026-14613

Technical details are not publicly available in the provided documents. Monitor for updates from Red Hat/NVD for affected Keycloak FGAP v2 integration and any patched versions.

4.3CVSS6AI score0.00172EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/03 3:10 p.m.13 views

CVE-2026-14613

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions FGAP v2 are turned on, an administrator who is allowed to see a specific "role" can...

4.3CVSS6AI score0.00172EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.12 views

PT-2026-55549

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description An issue in the administrative interface occurs when Fine-Grained Admin Permissions FGAP v2 are enabled. An administrator with permission to view a specific role can access a list of all...

4.3CVSS6.1AI score0.00172EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.4 views

CVE-2026-33300

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass in the Category Chatables Controller show action allowed moderators to get information on hidden...

6.5CVSS5.8AI score0.00234EPSS
Exploits0References1
NVD
NVD
added 2026/03/31 6:16 p.m.4 views

CVE-2026-33300

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass in the Category Chatables Controller show action allowed moderators to get information on hidden...

6.5CVSS0.00234EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/31 5:42 p.m.3 views

CVE-2026-33300

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass in the Category Chatables Controller show action allowed moderators to get information on hidden...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/31 5:42 p.m.25 views

CVE-2026-33300 Discourse: Hidden group names and access metadata are exposed to moderators through the `category-chatables` endpoint

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass in the Category Chatables Controller show action allowed moderators to get information on hidden...

5.3CVSS0.00234EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/31 5:42 p.m.3 views

CVE-2026-33300 Discourse: Hidden group names and access metadata are exposed to moderators through the `category-chatables` endpoint

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass in the Category Chatables Controller show action allowed moderators to get information on hidden...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/31 5:42 p.m.6 views

EUVD-2026-17572

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass in the Category Chatables Controller show action allowed moderators to get information on hidden...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References2
CVE
CVE
added 2026/03/31 5:42 p.m.19 views

CVE-2026-33300

Discourse is affected by CVE-2026-33300. The flaw is an authorization bypass in the Category Chatables Controller show action that allowed moderators to view information on hidden groups names and user counts. Affected versions include 2026.1.0-latest up to before 2026.1.3, 2026.2.0-latest up to ...

6.5CVSS5.8AI score0.00234EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/31 5:42 p.m.6 views

CVE-2026-33300 Discourse: Hidden group names and access metadata are exposed to moderators through the `category-chatables` endpoint

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authorization bypass in the Category Chatables Controller show action allowed moderators to get information on hidden...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-62400

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or...

6.5CVSS6AI score0.00246EPSS
Exploits0References2
OSV
OSV
added 2025/11/17 11:47 p.m.4 views

BIT-MOODLE-2025-62400 Moodle: hidden group names visible to event creators

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...

6.5CVSS6.6AI score0.00246EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/10/23 12:31 p.m.8 views

Moodle exposed the names of hidden groups to users

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...

6.5CVSS6.7AI score0.00246EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2025/10/23 12:15 p.m.6 views

CVE-2025-62400

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...

6.5CVSS0.00246EPSS
Exploits0References2
OSV
OSV
added 2025/10/23 12:15 p.m.4 views

UBUNTU-CVE-2025-62400

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...

6.5CVSS5.8AI score0.00246EPSS
Exploits0References4
Snyk
Snyk
added 2025/10/23 11:46 a.m.5 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to the missing capability check in the calendar event creation flow. An attacker can access private or restricted group...

6.5CVSS6.6AI score0.00246EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/23 11:28 a.m.6 views

EUVD-2025-35667

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...

4.3CVSS6.2AI score0.00246EPSS
Exploits0References3
Rows per page
Query Builder