Lucene search
+L

34 matches found

CVE
CVE
added 2026/07/06 8:12 a.m.19 views

CVE-2026-53913

CVE-2026-53913 – Apache Camel Keycloak (camel-keycloak) : The vulnerability arises because the KeycloakSecurityPolicy performs token verification only inside role and permission checks. By default, requiredRoles and requiredPermissions are empty, causing these checks to be skipped while the polic...

9.8CVSS6.4AI score0.00619EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.14 views

PT-2026-55890

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.18.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.x Description Insufficient session expiration in the Apache Camel Keycloak Component occurs because the KeycloakSecurityHelper.parseAndVerifyAccessToken...

9.8CVSS6.1AI score0.00411EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/04/02 12:37 p.m.3 views

CVE-2026-4636

A flaw was found in Keycloak. An authenticated user with the umaprotection role can bypass User-Managed Access UMA policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned...

8.1CVSS5.8AI score0.00346EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/02/26 12:0 a.m.8 views

Apache Camel 4.15.0 < 4.18.0 Authentication Bypass (CVE-2026-23552)

The version of Apache Camel on the remote host is 4.15.0 prior to 4.18.0. It is, therefore, affected by an authentication bypass vulnerability: - The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one...

9.1CVSS6AI score0.00398EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2026/02/24 1:34 p.m.11 views

CVE-2026-23552

Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component. The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepted by a policy...

9.1CVSS5.4AI score0.00398EPSS
Exploits2References1
Snyk
Snyk
added 2026/02/23 9:31 a.m.7 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via the KeycloakSecurityPolicy which does not validate the iss issuer claim of JWT tokens against the configured realm. An attacker can gain unauthorized access to resources by providing a JWT token issued by a...

9.3CVSS6AI score0.00398EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/02/23 8:45 a.m.5 views

CVE-2026-23552 Apache Camel: Camel-Keycloak: Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy

Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component. The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepted by a policy...

5.4AI score0.00398EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/02/23 8:45 a.m.29 views

CVE-2026-23552 Apache Camel: Camel-Keycloak: Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy

Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component. The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepted by a policy...

0.00398EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/02/23 12:0 a.m.13 views

Apache Camel 安全漏洞

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern from the Apache Foundation in the United States. This framework provides implementations of Java objects following the Enterprise Integration Pattern and allows routing and mediation rules to be...

9.1CVSS5.8AI score0.00398EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.10 views

PT-2026-20652

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.15.0 through 4.17.9 Description The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. This allows a token issued by one Keycloak realm to be silentl...

9.1CVSS5.9AI score0.00398EPSS
Exploits2References25
GithubExploit
GithubExploit
added 2026/02/09 12:50 p.m.151 views

Exploit for CVE-2026-23552

CVE-2026-23552 - Cross-Realm Token Acceptance in camel-keycloa...

5.8AI score0.00398EPSS
Exploits2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-0420

Malware in sbrugna...

5.5CVSS4.6AI score0.01024EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-1780

Malicious code in bioql PyPI...

8.1CVSS6.2AI score0.00694EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-5850

Malicious code in bioql PyPI...

8.8CVSS8.8AI score0.00816EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2023-0967

Malicious code in bioql PyPI...

5CVSS5.5AI score0.01274EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-4583

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00395EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-2787

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00546EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/07/18 1:48 p.m.15 views

CVE-2025-7784 Org.keycloak/keycloak-services: privilege escalation in keycloak admin console (fgapv2 enabled)

A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin PermissionsFGAPv2 are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorize...

6.5CVSS7.3AI score0.00368EPSS
Exploits0References5
CVE
CVE
added 2025/07/18 1:48 p.m.65 views

CVE-2025-7784

CVE-2025-7784 - Keycloak FGAPv2 Privilege Escalation This entry describes a privilege-escalation vulnerability in Keycloak when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user who holds the manage-users role can elevate themselves to realm-admin due to improper privile...

6.5CVSS6.7AI score0.00368EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2025/07/11 11:14 a.m.7 views

Account Takeover

org.keycloak, keycloak-services is vulnerable to Account Takeover. The vulnerability is due to insufficient validation during account merging and email verification, which allows an attacker to change their email to the victim's address and trigger a verification email to the victim...

7.1CVSS6.1AI score0.00226EPSS
Exploits0References14Affected Software1
Rows per page
Query Builder