
7 matches found

Snyk
added 2026/05/04 5:20 p.m., 4 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization when handling HTTP request paths that have had normalizedPath applied. An attacker can gain unauthorized access to protected resources by appending a semicolon and arbitrary text to the request URL, exploiting...

CVSS 8.8 | AI score 6 | EPSS 0.00015
Exploits: 0 | References: 3
vulnersOsv
added 2026/05/04 5:20 p.m., 2 views

com.abavilla:fpi-bot-api (>=1.6.0 <=1.6.2), com.abavilla:fpi-bot-api-parent (>=1.6.0 <=1.6.2) +17 more potentially affected by CVE-2026-39852 via io.quarkus:quarkus-keycloak-authorization (>=3.0.0.Alpha1 <=3.20.6)

io.quarkus:quarkus-keycloak-authorization MAVEN version =3.0.0.Alpha1, =1.6.0, =1.6.0, =1.8.0, =1.8.0, =1.6.0, =1.6.0, =1.8.0, =1.8.0, =1.0.25, =1.0.25, =1.5.0, =1.5.0, =1.3.1, =1.3.1, =1.3.4, =1.3.7 and more
Source cves: CVE-2026-39852
Source advisory: SNYK:JAVA-IOQUARKUS-16420251...

CVSS 8.8 | AI score 5.8 | EPSS 0.00015
Exploits: 0
EUVD
added 2026/03/11 12:17 a.m., 2 views

EUVD-2026-10869

Parse Server missing audience validation in Keycloak authentication adapter...

CVSS 7.6 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 4
Snyk
added 2025/12/10 9:30 a.m., 2 views

Access Control Bypass

Overview: org.keycloak:keycloak-authz-policy-common is a KeyCloak AuthZ: Common Policy Providers. Affected versions of this package are vulnerable to Access Control Bypass via insufficient authorization checks on the /admin/realms/realm/roles endpoint. A remote authenticated attacker with...

CVSS 5.1 | AI score 6.4 | EPSS 0.00012
Exploits: 0 | References: 2
CNNVD
added 2025/04/29 12:0 a.m., 1 views

Keycloak Security Vulnerability

Keycloak is an open source identity and access management solution from Keycloak Open Source. Keycloak has a security vulnerability that stems from the org.keycloak.authorization package that may bypass required operations and could lead to bypassing two-factor authentication...

CVSS 5.4 | AI score 4.2 | EPSS 0.00073
Exploits: 0 | References: 7
vulnersOsv
added 2023/09/20 12:30 p.m., 3 views

com.abavilla:fpi-bot-api (>=1.8.1 <=1.8.3), com.abavilla:fpi-bot-api-parent (>=1.8.1 <=1.8.3) +17 more potentially affected by CVE-2023-4853 via io.quarkus:quarkus-keycloak-authorization (>=3.3.0 <=3.3.2)

io.quarkus:quarkus-keycloak-authorization MAVEN version =3.3.0, =1.8.1, =1.8.1, =1.8.6, =1.8.6, =1.9.0, =1.9.0, =1.10.1, =1.10.1, =1.0.29, =1.0.29, =1.6.1, =1.6.1, =1.5.1, =1.5.1, =1.3.8, =1.3.10 and more
Source cves: CVE-2023-4853
Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...

CVSS 8.1 | AI score 7.2 | EPSS 0.00455
Exploits: 1
vulnersOsv
added 2023/09/20 12:30 p.m., 2 views

com.abavilla:fpi-bot-api (>=1.6.0 <=1.8.0), com.abavilla:fpi-bot-api-parent (>=1.6.0 <=1.8.0) +18 more potentially affected by CVE-2023-4853 via io.quarkus:quarkus-keycloak-authorization (>=3.0.0.Alpha1 <=3.2.5.Final)

io.quarkus:quarkus-keycloak-authorization MAVEN version =3.0.0.Alpha1, =1.6.0, =1.6.0, =1.8.0, =1.8.0, =1.6.0, =1.6.0, =1.8.0, =1.8.0, =1.0.25, =1.0.25, =1.5.0, =1.5.0, =1.3.1, =1.3.1, =1.3.4, =1.3.7 and more
Source cves: CVE-2023-4853
Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...

CVSS 8.1 | AI score 7.2 | EPSS 0.00455
Exploits: 1