CVE-2026-46389

UDS Identity Config builds the Keycloak configuration image realm, plugins, theme, truststore, JARs consumed by UDS Core's Identity deployment. In versions 0.11.0 through 0.26.0, a logic error in the client-kubernetes-secret Keycloak client authenticator shipped by uds-identity-config and consume...

CVE-2026-46389

CVE-2026-46389 affects UDS Identity Config (Keycloak integration) used by UDS Core Identity. A logic error in the Keycloak client authenticator named client-kubernetes-secret (shipped by uds-identity-config) in versions 0.11.0–0.26.0 overwrites the submitted client_secret with the mounted Kuberne...

CVE-2026-46389 UDS Identity Config has a client authentication bypass in `ClientIdAndKubernetesSecretAuthenticator`

UDS Identity Config builds the Keycloak configuration image realm, plugins, theme, truststore, JARs consumed by UDS Core's Identity deployment. In versions 0.11.0 through 0.26.0, a logic error in the client-kubernetes-secret Keycloak client authenticator shipped by uds-identity-config and consume...

PT-2026-47027

Name of the Vulnerable Software and Affected Versions UDS Identity Config versions 0.11.0 through 0.26.0 Description A logic error exists in the client-kubernetes-secret Keycloak client authenticator. This error causes the submitted client secret to be overwritten with the mounted Kubernetes secr...

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management via the restore process. An attacker can gain unauthorized administrative privileges by uploading a crafted SQLite database file, allowing access to user management, audit logs, debug endpoints, and operato...

EUVD-2020-29843

Malware in sbrugna...

CVE-2022-45435

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6, and all prior versions allow authenticated users assigned the Identity...

CVE-2020-9012

A cross-site scripting XSS vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...

gitea -- Multiple vulnerabilities

[email protected] reports: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied. go-redis ...

CVE-2020-9012

A cross-site scripting XSS vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...

CVE-2020-9012

A cross-site scripting XSS vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...

Cross site scripting

A cross-site scripting XSS vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...

CVE-2020-9012

Technical details governing CVE-2020-9012 (affected products, versions, root cause, fix) are not publicly provided in the supplied Connected documents. Monitor for updates from official advisories.

CVE-2020-9012

A cross-site scripting XSS vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...