14 matches found
Keycloak's identity-first login flow exposes user information
A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration...
CVE-2026-4633
A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration...
PT-2026-27107
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak that allows a remote attacker to determine the existence of users, resulting in information disclosure through user enumeration. This occurs due to differential err...
MAL-2025-32880 Malicious code in secure_identity_login_module (npm)
The package secureidentityloginmodule was found to contain malicious code...
Tongda OA system has a logic flaw vulnerability
Ltd. is subordinate to China National Weapons Industry Information Center CNWIIC, which is referred to as Tongda Xinke. It is a high-tech team with the main business of collaborative management software development and implementation, service and consulting. Tongda OA system has a logical flaw...
Malicious Package
secureidentityloginmodule is a malicious package. The package uploads system information to a remote server, downloads a file and executes it...
Malicious Package
Overview All versions of secureidentityloginmodule contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and ke...
Information Disclosure
An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...
com.alexbt:springboot-autoconfigure-openid-oauth (=1.0.9), com.appdirect:service-integration-sdk (>=1.24 <=v11.129.7) +10 more potentially affected by CVE-2019-3778 via org.springframework.security.oauth:spring-security-oauth (>=2.0.10.RELEASE <=2.0.14.RELEASE)
org.springframework.security.oauth:spring-security-oauth MAVEN version =2.0.10.RELEASE, =1.24, =2.7.4.7, =2.7.4.7, =2.7.4.7, =3.3.0.4, =3.3.0.4, =2.7.4.7, =4.4.0 Source cves: CVE-2019-3778 Source advisory: OSV:GHSA-77RV-6VFW-X4GC...
JBoss: CallerIdentityLoginModule retaining password from previous call if a null password is provided
The CallerIdentityLoginModule in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's...
JBoss: CallerIdentityLoginModule retaining password from previous call if a null password is provided
The CallerIdentityLoginModule in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's...
JBoss: CallerIdentityLoginModule retaining password from previous call if a null password is provided
The CallerIdentityLoginModule in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's...
JBoss: CallerIdentityLoginModule retaining password from previous call if a null password is provided
The CallerIdentityLoginModule in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's...
JBoss: CallerIdentityLoginModule retaining password from previous call if a null password is provided
The CallerIdentityLoginModule in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's...