Lucene search
K

6 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-3387

Malicious code in bioql PyPI...

8.1CVSS6.4AI score0.00501EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/04 10:25 p.m.11 views

CVE-2024-53843

@dapperduckling/keycloak-connector-server is an opinionated series of libraries for Node.js applications and frontend clients to interface with keycloak. A Reflected Cross-Site Scripting XSS vulnerability was discovered in the authentication flow of the application. This issue arises due to...

8.1CVSS7.1AI score0.00501EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2024/11/26 4:51 p.m.7 views

@dapperduckling/keycloak-connector-cluster-redis (>=0.0.5-alpha.0 <=1.0.30), @dapperduckling/keycloak-connector-group-auth-plugin (>=0.0.5-alpha.0 <=1.1.15) potentially affected by CVE-2024-53843 via @dapperduckling/keycloak-connector-server (>=0.0.14 <=1.5.2)

@dapperduckling/keycloak-connector-server NPM version =0.0.14, =0.0.5-alpha.0, =0.0.5-alpha.0, =1.1.15 Source cves: CVE-2024-53843 Source advisory: OSV:GHSA-W5RQ-G9R6-VRCG...

8.1CVSS5.8AI score0.00501EPSS
Exploits0
OSV
OSV
added 2024/11/25 11:18 p.m.9 views

CVE-2024-53843 Reflected XSS Vulnerability in Authentication Flow URL Handling in @dapperduckling/keycloak-connector-server

@dapperduckling/keycloak-connector-server is an opinionated series of libraries for Node.js applications and frontend clients to interface with keycloak. A Reflected Cross-Site Scripting XSS vulnerability was discovered in the authentication flow of the application. This issue arises due to...

8.1CVSS6.3AI score0.00501EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/25 12:0 a.m.3 views

keycloak-connector 跨站脚本漏洞

keycloak-connector is a series of libraries open-sourced by DapperDuckling for Node.js applications and front-end clients to interact with keycloak. A cross-site scripting vulnerability exists in versions of keycloak-connector prior to 2.5.4 that stems from improperly cleaned URL parameters, whic...

8.1CVSS5.8AI score0.00501EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/25 12:0 a.m.7 views

PT-2024-35946 · Unknown · @Dapperduckling/Keycloak-Connector-Server

Name of the Vulnerable Software and Affected Versions: @dapperduckling/keycloak-connector-server versions prior to 2.5.5 Description: A Reflected Cross-Site Scripting XSS vulnerability was discovered in the authentication flow of the application due to improper sanitization of the URL parameters...

8.1CVSS6.1AI score0.00501EPSS
Exploits0References8
Rows per page
Query Builder