9 matches found
Information Exposure
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Information Exposure via the SAML ECP endpoint when specially crafted SOAP requests are sent with varying...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +160 more potentially affected by CVE-2026-4634 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.5.6)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.0, =1.2.0 and more Source cves: CVE-2026-4634 Source advisory: OSV:GHSA-H4WV-G838-66G3https://vulners.com/osv/OSV:GHSA-H4WV-G838-...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +160 more potentially affected by CVE-2026-3121 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.5.5)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.0, =1.2.0 and more Source cves: CVE-2026-3121 Source advisory: OSV:GHSA-7XF9-4JFC-WGM4https://vulners.com/osv/OSV:GHSA-7XF9-4JFC-...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +137 more potentially affected by CVE-2025-14083 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.2.5)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.1, =1.0.2 - com.kleegroup.accelerator:accelerator-security-keycloakmfa =1.0.1 and more Source cves: CVE-2025-14083 Source advisory:...
EUVD-2025-23863
Malicious code in bioql PyPI...
CVE-2025-8419
CVE-2025-8419 : A Keycloak SMTP injection vulnerability exists in Keycloak-services where special characters in the local-part of an email during registration can trigger SMTP injection, potentially causing the server to send unsolicited emails. The issue is limited to short emails (local part ca...
CVE-2025-8419
A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters limited local part of the email, so the attack is limited to very shorts emails subject...
com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1), com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11) +95 more potentially affected by CVE-2024-3656 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=24.0.4)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.1, =1.1.23, =0.3.0-20.0.1, =0.4.5-20.0.2, =2.7.4-24.0 and more Source cves: CVE-2024-3656 Source advisory: OSV:GHSA-2CWW-FGMG-4JQC...
com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11), com.github.vzakharchenko:cisco-radius-plugin (>=1.4.10 <=1.4.11) +55 more potentially affected by CVE-2022-1438 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=21.0.0)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =0.3.0-20.0.1, =0.4.5-20.0.2, =1.3.2, =0.6, =0.2, =0.7 and more Source cves: CVE-2022-1438 Source advisory: OSV:GHSA-W354-2F3C-QVG9...