35 matches found
be.jidoka:jdk-keycloak-admin (>=1.2.0 <=2.4.0), br.com.anteros:Anteros-Keycloak (=1.0.0) +1133 more potentially affected by CVE-2024-4028 via org.keycloak:keycloak-core (>=10.0.0 <=26.1.2)
org.keycloak:keycloak-core MAVEN version =10.0.0, =1.2.0, =0.0.8-alpha, =0.0.1-alpha, =1.0.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.5.0, =0.2.0, =0.2.0, =0.5.0, =0.10.0, =0.10.0, =0.10.5-experimental and more Source cves: CVE-2024-4028 Source advisory: OSV:GHSA-Q4XQ-445G-G6CH...
be.jidoka:jdk-keycloak-admin (>=1.2.0 <=2.4.0), br.com.anteros:Anteros-Keycloak (=1.0.0) +1097 more potentially affected by CVE-2024-10039 via org.keycloak:keycloak-core (>=10.0.0 <=26.0.5)
org.keycloak:keycloak-core MAVEN version =10.0.0, =1.2.0, =0.0.8-alpha, =0.0.1-alpha, =1.0.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.5.0, =0.2.0, =0.2.0, =0.5.0, =0.10.0, =0.10.0, =0.10.5-experimental and more Source cves: CVE-2024-10039 Source advisory: OSV:GHSA-93WW-43RR-79V3...
keycloak-core: mTLS passthrough
A vulnerability was found in Keycloak. Deployments of Keycloak with a reverse proxy not using pass-through termination of TLS, with mTLS enabled, are affected. This issue may allow an attacker on the local network to authenticate as any user or client that leverages mTLS as the authentication...
be.jidoka:jdk-keycloak-admin (>=1.2.0 <=2.3.0), br.com.anteros:Anteros-Keycloak (=1.0.0) +1061 more potentially affected by CVE-2024-7318 via org.keycloak:keycloak-core (>=10.0.0 <=24.0.5)
org.keycloak:keycloak-core MAVEN version =10.0.0, =1.2.0, =0.0.8-alpha, =0.0.1-alpha, =1.0.0, =0.2.0, =0.2.0, =0.2.0, =0.5.0, =0.2.0, =0.2.0, =0.5.0, =0.10.0, =0.10.0, =0.5.0, =0.10.5-experimental and more Source cves: CVE-2024-7318 Source advisory: OSV:GHSA-XMMM-JW76-Q7VG...
be.jidoka:jdk-keycloak-admin (>=1.2.0 <=2.3.0), br.com.anteros:Anteros-Keycloak (=1.0.0) +1033 more potentially affected by CVE-2023-6841 via org.keycloak:keycloak-core (>=10.0.0 <=23.0.7)
org.keycloak:keycloak-core MAVEN version =10.0.0, =1.2.0, =0.0.8-alpha, =0.0.1-alpha, =1.0.0, =0.2.0, =0.2.0, =0.2.0, =0.5.0, =0.2.0, =0.2.0, =0.5.0, =0.10.0, =0.10.0, =0.5.0, =0.10.5-experimental and more Source cves: CVE-2023-6841 Source advisory: OSV:GHSA-W97F-W3HQ-36G2...
be.jidoka:jdk-keycloak-admin (>=1.2.0 <=2.3.0), br.com.anteros:Anteros-Keycloak (=1.0.0) +1061 more potentially affected by CVE-2024-7260 via org.keycloak:keycloak-core (>=10.0.0 <=24.0.5)
org.keycloak:keycloak-core MAVEN version =10.0.0, =1.2.0, =0.0.8-alpha, =0.0.1-alpha, =1.0.0, =0.2.0, =0.2.0, =0.2.0, =0.5.0, =0.2.0, =0.2.0, =0.5.0, =0.10.0, =0.10.0, =0.5.0, =0.10.5-experimental and more Source cves: CVE-2024-7260 Source advisory: OSV:GHSA-G4GC-RH26-M3P5...
keycloak-core: Open Redirect on Account page
An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user into visiting a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it...
Credential Leakage
org.keycloak:keycloak-core is vulnerable to credential leakage. The issue is a lack of validation and enforcement when an administrator changes the LDAP Connection URL: the currently configured LDAP bind credentials are not required to be re-entered, so they are sent to whatever URL is configured. The vulnerability allows an...
be.jidoka:jdk-keycloak-admin (>=1.2.0 <=2.3.0), br.com.anteros:Anteros-Keycloak (=1.0.0) +1011 more potentially affected by CVE-2023-6927 via org.keycloak:keycloak-core (>=10.0.0 <=23.0.3)
org.keycloak:keycloak-core MAVEN version =10.0.0, =1.2.0, =0.0.8-alpha, =0.0.1-alpha, =1.0.0, =0.2.0, =0.2.0, =0.2.0, =0.5.0, =0.2.0, =0.2.0, =0.5.0, =0.10.0, =0.10.0, =0.5.0, =0.10.5-experimental and more Source cves: CVE-2023-6927 Source advisory: OSV:GHSA-9VM7-V8WJ-3FQW...
GHSA-9VM7-V8WJ-3FQW keycloak-core: open redirect via "form_post.jwt" JARM response mode
An incomplete fix was found in the Keycloak Core patch. An attacker can steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt". Changing the response_mode parameter in the original proof of concept from "form_post" to "form_post.jwt...
CVE-2023-6920
An incomplete fix was found in the Keycloak Core patch. An attacker can steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt". Changing the response_mode parameter in the original proof of concept from "form_post" to "form_post.jwt" can bypass the...
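Added example covering the two open-redirect entries above (the Account page referrer/referrer_uri redirect, and the JARM form_post.jwt bypass of a wildcard redirect URI check). This is constructed for this listing and is not Keycloak's code: it puts a weak string-prefix check beside a strict matcher that compares scheme, host and port exactly and only honours a trailing "/*" path wildcard, then shows a hypothetical incomplete-fix wrapper whose strict check depends on response_mode next to a hardened wrapper that ignores response_mode. The client registry (web-app and its three registered URIs, including the "host*" misregistration) and the incomplete_fix shape are assumptions for illustration.

```python
"""Redirect/referrer URI validation: weak prefix match beside a strict matcher.

Added example for the two open-redirect entries above; not Keycloak's code.
The client registry and the incomplete_fix shape are constructed for illustration.
"""
import posixpath
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed registry: client id -> registered redirect URIs. The third entry is the
# common "host*" misregistration that a prefix check turns into an open redirect.
CLIENT_REDIRECT_URIS: Dict[str, List[str]] = {
    "web-app": [
        "https://app.example.test/callback",
        "https://app.example.test/oauth/*",
        "https://app.example.test*",
    ],
}
_DEFAULT_PORT = {"https": 443, "http": 80}


def prefix_match(candidate: str, registered: List[str]) -> bool:
    """Weak check: string prefix. 'https://app.example.test*' also admits
    https://app.example.test.evil.test/ and https://app.example.test@evil.test/."""
    return any(candidate.startswith(r.rstrip("*")) for r in registered)


def _parse_registered(r: str) -> Optional[Tuple[str, str, int, str, bool]]:
    """(scheme, host, port, path, wildcard) for a registration, or None when the
    registration itself is unsafe: a '*' anywhere other than a final '/*' segment,
    a non-http(s) scheme, userinfo or a fragment."""
    wildcard = r.endswith("/*")
    base = r[:-1] if wildcard else r      # keep the trailing '/' for the prefix compare
    if "*" in base:
        return None
    p = urlsplit(base)
    if p.scheme not in _DEFAULT_PORT or not p.hostname or p.username or p.fragment:
        return None
    return p.scheme, p.hostname, p.port or _DEFAULT_PORT[p.scheme], p.path or "/", wildcard


def strict_match(candidate: str, registered: List[str]) -> bool:
    """Hardened check: exact scheme, host and port; no userinfo, backslashes,
    control characters or fragment; the normalised path must equal the registered
    path, or sit under it when the registration ends in '/*'."""
    if any(ch in candidate for ch in "\\\r\n\t#"):
        return False
    try:
        c = urlsplit(candidate)
        c_port = c.port or _DEFAULT_PORT.get(c.scheme)
    except ValueError:                       # malformed port or netloc
        return False
    if not c.hostname or c.username is not None or c.password is not None:
        return False
    c_path = posixpath.normpath(c.path or "/")
    if c.path.endswith("/") and not c_path.endswith("/"):
        c_path += "/"                        # normpath strips the trailing slash
    for r in registered:
        parsed = _parse_registered(r)
        if parsed is None:
            continue                         # an unsafe registration never matches
        scheme, host, port, path, wildcard = parsed
        if (c.scheme, c.hostname, c_port) != (scheme, host, port):
            continue
        if wildcard and c_path.startswith(path):
            return True
        if not wildcard and c_path == posixpath.normpath(path):
            return True
    return False


STRICT_MODES = {"query", "fragment", "form_post"}


def incomplete_fix(candidate: str, registered: List[str], response_mode: str) -> bool:
    """Constructed shape of an incomplete fix (not Keycloak's code): the strict
    check only runs for the response modes the author had in mind, so an
    unanticipated mode such as 'form_post.jwt' falls back to the weak check."""
    if response_mode in STRICT_MODES:
        return strict_match(candidate, registered)
    return prefix_match(candidate, registered)


def verify_redirect(candidate: str, registered: List[str], response_mode: str = "query") -> bool:
    """Hardened: the decision does not depend on response_mode at all."""
    del response_mode                        # accepted for signature parity, never consulted
    return strict_match(candidate, registered)


if __name__ == "__main__":
    reg = CLIENT_REDIRECT_URIS["web-app"]
    for uri in ("https://app.example.test/callback",
                "https://app.example.test/oauth/cb?code=1",
                "https://app.example.test.evil.test/",
                "https://app.example.test@evil.test/"):
        print(uri, "prefix:", prefix_match(uri, reg), "strict:", strict_match(uri, reg))
    print("form_post.jwt bypass:",
          incomplete_fix("https://app.example.test.evil.test/", reg, "form_post.jwt"))
```

The design point is that the match must be computed from the parsed URL, never from the raw string, and must be the same function for every response_mode; a registration whose wildcard is not a final "/*" segment is treated as never matching rather than as a broad prefix.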
be.jidoka:jdk-keycloak-admin (>=1.2.0 <=2.2.0), br.com.anteros:Anteros-Keycloak (=1.0.0) +904 more potentially affected by CVE-2023-0105 via org.keycloak:keycloak-core (>=10.0.0 <=22.0.0)
org.keycloak:keycloak-core MAVEN version =10.0.0, =1.2.0, =0.0.8-alpha, =0.0.1-alpha, =1.0.0, =0.2.0, =0.2.0, =0.2.0, =0.5.0, =0.2.0, =0.2.0, =0.5.0, =0.10.0, =0.10.0, =0.5.0, =0.10.5-experimental and more Source cves: CVE-2023-0105 Source advisory: OSV:GHSA-C7XW-P58W-H6FJ...
be.jidoka:jdk-keycloak-admin (>=1.2.0 <=2.2.0), br.com.anteros:Anteros-Keycloak (=1.0.0) +897 more potentially affected by CVE-2023-1664 via org.keycloak:keycloak-core (>=10.0.0 <=21.1.1)
org.keycloak:keycloak-core MAVEN version =10.0.0, =1.2.0, =0.0.8-alpha, =0.0.1-alpha, =1.0.0, =0.2.0, =0.2.0, =0.2.0, =0.5.0, =0.2.0, =0.2.0, =0.5.0, =0.10.0, =0.10.0, =0.5.0, =0.10.5-experimental and more Source cves: CVE-2023-1664 Source advisory: OSV:GHSA-5CC8-PGP5-7MPM...
be.jidoka:jdk-keycloak-admin (>=1.2.0 <=1.3.0), br.com.anteros:Anteros-Keycloak (=1.0.0) +846 more potentially affected by CVE-2023-0091 via org.keycloak:keycloak-core (>=10.0.0 <=20.0.2)
org.keycloak:keycloak-core MAVEN version =10.0.0, =1.2.0, =0.0.8-alpha, =0.0.1-alpha, =1.0.0, =0.2.0, =0.2.0, =0.2.0, =0.5.0, =0.2.0, =0.2.0, =0.5.0, =0.10.0, =0.10.0, =0.5.0, =0.10.5-experimental and more Source cves: CVE-2023-0091 Source advisory: OSV:GHSA-V436-Q368-HVGG...
be.jidoka:jdk-keycloak-admin (=1.2.0), ca.bc.gov.tno:dal-db (>=0.0.8-alpha <=0.0.17-alpha) +383 more potentially affected by CVE-2021-3632 via org.keycloak:keycloak-core (>=10.0.0 <=15.0.2)
org.keycloak:keycloak-core MAVEN version =10.0.0, =0.0.8-alpha, =0.0.1-alpha, =0.2.0, =0.2.0, =0.2.0, =0.5.0, =0.2.0, =0.2.0, =0.5.0, =0.5.0, =0.5.0, =0.7.0, =0.7.0, =0.7.0, =0.8.2 and more Source cves: CVE-2021-3632 Source advisory: OSV:GHSA-QPQ9-JPV4-6GWR...
be.jidoka:jdk-keycloak-admin (=1.2.0), ca.bc.gov.tno:dal-db (>=0.0.8-alpha <=0.0.17-alpha) +383 more potentially affected by CVE-2021-3856 via org.keycloak:keycloak-core (>=10.0.0 <=15.0.2)
org.keycloak:keycloak-core MAVEN version =10.0.0, =0.0.8-alpha, =0.0.1-alpha, =0.2.0, =0.2.0, =0.2.0, =0.5.0, =0.2.0, =0.2.0, =0.5.0, =0.5.0, =0.5.0, =0.7.0, =0.7.0, =0.7.0, =0.8.2 and more Source cves: CVE-2021-3856 Source advisory: OSV:GHSA-3W4V-RVC4-2XPW...
be.jidoka:jdk-keycloak-admin (=1.2.0), ca.bc.gov.tno:dal-db (>=0.0.8-alpha <=0.0.17-alpha) +405 more potentially affected by CVE-2022-0225 via org.keycloak:keycloak-core (>=10.0.0 <=16.1.0)
org.keycloak:keycloak-core MAVEN version =10.0.0, =0.0.8-alpha, =0.0.1-alpha, =1.0.0, =0.2.0, =0.2.0, =0.2.0, =0.5.0, =0.2.0, =0.2.0, =0.5.0, =0.5.0, =0.5.0, =0.7.0, =0.7.0, =0.8.2 and more Source cves: CVE-2022-0225 Source advisory: OSV:GHSA-FQC7-5XXC-PH7R...
ca.bc.gov.tno:dal-db (=0.0.8-alpha), com.avast.grpc.jwt:grpc-java-jwt-keycloak (>=0.4.10 <=0.4.12) +279 more potentially affected by CVE-2020-35509 via org.keycloak:keycloak-core (>=10.0.0 <=13.0.1)
org.keycloak:keycloak-core MAVEN version =10.0.0, =0.4.10, =11.0.1, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.3.7 and more Source cves: CVE-2020-35509 Source advisory: OSV:GHSA-RPJ2-W6FR-79HC...
com.avast.grpc.jwt:grpc-java-jwt-keycloak (>=0.4.10 <=0.4.11), com.avast.grpc.jwt:keycloak (=0.4.9) +249 more potentially affected by CVE-2020-27838 via org.keycloak:keycloak-core (>=10.0.0 <=12.0.4)
org.keycloak:keycloak-core MAVEN version =10.0.0, =0.4.10, =11.0.1, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =5.0.0, =5.0.0, =5.1.0 and more Source cves: CVE-2020-27838 Source advisory: OSV:GHSA-PCV5-M2WH-66J3...
com.avast.grpc.jwt:grpc-java-jwt-keycloak (>=0.4.10 <=0.4.11), com.avast.grpc.jwt:keycloak (=0.4.9) +249 more potentially affected by CVE-2020-10770 via org.keycloak:keycloak-core (>=10.0.0 <=12.0.4)
org.keycloak:keycloak-core MAVEN version =10.0.0, =0.4.10, =11.0.1, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =5.0.0, =5.0.0, =5.1.0 and more Source cves: CVE-2020-10770 Source advisory: OSV:GHSA-JH7Q-5MWF-QVHW...
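Added worked example for the listing above (not part of the listing and not any scanner's code): a Python matcher that reproduces the "potentially affected via org.keycloak:keycloak-core (range)" logic. The CVE ranges are copied from the entries as shown; the >=10.0.0 floor is reproduced exactly as the page gives it, so confirm against the linked advisory before treating anything below it as unaffected. The version ordering is a reduced form of Maven's rules (numeric segments, alpha/beta/milestone/rc/snapshot qualifiers sorting below a release, trailing zeros ignored), and the mvn dependency:list output, including the com.example artifact, is constructed.

```python
"""Match Maven artifact versions against the affected ranges in the listing above.

Added example: the ranges are copied from the listing; the version ordering is a
reduced form of Maven's rules, and the dependency:list output below is constructed.
"""
import re
from typing import Dict, List, Tuple

# Copied from the entries above (org.keycloak:keycloak-core, Maven). The >=10.0.0
# floor is what the listing shows, not a statement that older versions are clean.
AFFECTED_RANGES: Dict[str, str] = {
    "CVE-2024-4028": ">=10.0.0 <=26.1.2",
    "CVE-2024-10039": ">=10.0.0 <=26.0.5",
    "CVE-2024-7318": ">=10.0.0 <=24.0.5",
    "CVE-2023-6841": ">=10.0.0 <=23.0.7",
    "CVE-2024-7260": ">=10.0.0 <=24.0.5",
    "CVE-2023-6927": ">=10.0.0 <=23.0.3",
    "CVE-2023-0105": ">=10.0.0 <=22.0.0",
    "CVE-2023-1664": ">=10.0.0 <=21.1.1",
    "CVE-2023-0091": ">=10.0.0 <=20.0.2",
    "CVE-2021-3632": ">=10.0.0 <=15.0.2",
    "CVE-2021-3856": ">=10.0.0 <=15.0.2",
    "CVE-2022-0225": ">=10.0.0 <=16.1.0",
    "CVE-2020-35509": ">=10.0.0 <=13.0.1",
    "CVE-2020-27838": ">=10.0.0 <=12.0.4",
    "CVE-2020-10770": ">=10.0.0 <=12.0.4",
}

# Qualifier ordering: pre-release markers sort below a bare release (""), "sp" above it.
_QUALIFIERS = ["alpha", "beta", "milestone", "rc", "snapshot", "", "sp"]
_ALIASES = {"a": "alpha", "b": "beta", "m": "milestone", "cr": "rc", "ga": "", "final": "", "release": ""}
_RELEASE = (0, _QUALIFIERS.index(""), "")


def _tokenize(version: str) -> List[Tuple]:
    """Split '26.0.5-SNAPSHOT' into comparable tokens: (1, n) for numbers,
    (0, rank, text) for qualifiers. Trailing zeros/release markers are dropped
    so that 1.0 == 1.0.0 == 1.0-ga, as in Maven."""
    tokens: List[Tuple] = []
    for part in re.split(r"[.\-]", version.strip().lower()):
        if part.isdigit():
            tokens.append((1, int(part)))
        else:
            q = _ALIASES.get(part, part)
            rank = _QUALIFIERS.index(q) if q in _QUALIFIERS else len(_QUALIFIERS)
            tokens.append((0, rank, q))
    while tokens and tokens[-1] in ((1, 0), _RELEASE):
        tokens.pop()
    return tokens


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1. A number beats any qualifier (1.0-1 > 1.0 > 1.0-rc)."""
    ta, tb = _tokenize(a), _tokenize(b)
    for i in range(max(len(ta), len(tb))):
        # A missing token compares as 0 against a number and as "release" against a qualifier.
        x = ta[i] if i < len(ta) else ((1, 0) if tb[i][0] == 1 else _RELEASE)
        y = tb[i] if i < len(tb) else ((1, 0) if ta[i][0] == 1 else _RELEASE)
        if x != y:
            return -1 if x < y else 1
    return 0


_CONSTRAINT = re.compile(r"(>=|<=|>|<|=)\s*([0-9A-Za-z.\-]+)")
_OPS = {">=": lambda c: c >= 0, "<=": lambda c: c <= 0, ">": lambda c: c > 0,
        "<": lambda c: c < 0, "=": lambda c: c == 0}


def in_range(version: str, spec: str) -> bool:
    """True when `version` satisfies every constraint in a spec like '>=10.0.0 <=26.1.2'."""
    constraints = _CONSTRAINT.findall(spec)
    if not constraints:
        raise ValueError(f"no version constraints in {spec!r}")
    return all(_OPS[op](compare_versions(version, bound)) for op, bound in constraints)


def affected_cves(version: str, ranges: Dict[str, str] = AFFECTED_RANGES) -> List[str]:
    """CVE ids from the listing whose keycloak-core range contains `version`."""
    return sorted(cve for cve, spec in ranges.items() if in_range(version, spec))


def scan_dependency_list(text: str, group: str = "org.keycloak",
                         artifact: str = "keycloak-core") -> Dict[str, List[str]]:
    """Walk `mvn dependency:list` output (groupId:artifactId:type[:classifier]:version:scope)
    and map each version of the target artifact, transitive ones included, to its CVEs."""
    found: Dict[str, List[str]] = {}
    for line in text.splitlines():
        parts = line.replace("[INFO]", "").strip().split(":")
        if len(parts) >= 5 and parts[0] == group and parts[1] == artifact:
            version = parts[-2]
            found[version] = affected_cves(version)
    return found


# Constructed sample of `mvn dependency:list` output; the com.example artifact is hypothetical.
SAMPLE_DEPENDENCY_LIST = """\
[INFO] The following files have been resolved:
[INFO]    com.example:keycloak-client-lib:jar:1.4.0:compile
[INFO]    org.keycloak:keycloak-core:jar:24.0.5:compile
[INFO]    org.keycloak:keycloak-common:jar:24.0.5:compile
"""

if __name__ == "__main__":
    for v in ("9.0.3", "24.0.5", "26.0.5", "26.1.3"):
        print(v, affected_cves(v))
    print(scan_dependency_list(SAMPLE_DEPENDENCY_LIST))
```

Run it against real `mvn dependency:list` output to see which keycloak-core version your build actually resolves; a match here means the version falls inside a range the listing shows, not that the vulnerable code path is reachable from the dependent package, which is what "potentially affected" in the entries above also means.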