CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

NVD•added 2026/02/09 8:15 p.m.•2 views

CVE-2026-1486

A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider IdP is enabled before issuing tokens. The issuer lookup mechanism lookupIdentityProviderFromIssuer retrieves the IdP configuration but does not filter...

8.8CVSS0.00025EPSS

Exploits0References4

RedhatCVE•added 2026/02/09 6:36 p.m.•2 views

CVE-2026-1486

8.8CVSS5.5AI score0.00025EPSS

Exploits0References3

ATTACKERKB•added 2026/02/09 6:36 p.m.•2 views

CVE-2026-1486

8.8CVSS5.6AI score0.00025EPSS

Exploits0References5

CNNVD•added 2026/02/09 12:0 a.m.•3 views

Keycloak 安全特征问题漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak itself. There is a security vulnerability in Keycloak, which stems from the jwt-authorization-grant process. During token issuance, the server does not verify whether the identity provider is enabled. This...

8.8CVSS5.8AI score0.00025EPSS

Exploits0References4

RedhatCVE•added 2025/05/22 6:33 p.m.•6 views

CVE-2021-32163

Authentication vulnerability in MOSN v.0.23.0 allows attacker to escalate privileges via case-sensitive JWT authorization...

9.8CVSS7AI score0.00475EPSS

Exploits1

Veracode•added 2023/02/19 8:41 a.m.•19 views

Privilege Escalation

github.com/mosn/mosn is vulnerable to Privilege Escalation. The vulnerability exists due to the prefixMatcher function in matcher.go while using JWT authorization, which is case-sensitive to the prefix that the URL matches, which may result in authentication bypass...

9.8CVSS9.1AI score0.00475EPSS

Exploits1References3Affected Software1