Lucene search
K

16 matches found

CVE
CVE
added 2026/06/30 12:0 p.m.12 views

CVE-2026-12388

CVE-2026-12388 affects Keycloak’s Identity Provider (IdP) mapper component. A restricted administrator can abuse a misconfigured or specifically a Hardcoded Role mapper to assign high-privilege roles (e.g., realm-admin) to themselves or other users, bypassing security checks and gaining full cont...

6.5CVSS5.8AI score0.00233EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/08 1:16 p.m.22 views

CVE-2026-11577

Rejected reason: The reported behavior does not constitute a privilege escalation. Exploitation requires the attacker to already possess the manage-realm administrative role within the realm-management client. By design, the manage-realm role is intended to be equivalent in administrative authori...

0.00329EPSS
Exploits0
EUVD
EUVD
added 2026/06/08 11:44 a.m.13 views

EUVD-2026-35058

A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in the POST /admin/realms/realm/partialImport endpoint. This allows them to bypass Fine-Grained Admin Permissions FGAP and escalate their privileges to a full realm administrator by importin...

7.2CVSS5.5AI score0.00329EPSS
Exploits0References3
CVE
CVE
added 2026/06/08 11:44 a.m.180 views

CVE-2026-11577

Keycloak vulnerability CVE-2026-11577 involves improper access control in POST /admin/realms/{realm}/partialImport. A limited administrator with the manage-realm role can import users with realm-admin role mappings to escalate to a full realm administrator, gaining full control. By design, manage...

5.5AI score0.00329EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/28 3:49 a.m.9 views

CVE-2026-9795 Keycloak: keycloak: privilege escalation via improper scope mapping enforcement

A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...

7.3CVSS5.7AI score0.00292EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/02/09 8:37 p.m.4 views

org.keycloak.services.resources.admin: Keycloak: Limited administrator can retrieve sensitive user attributes via Admin API

A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings...

2.7CVSS5.7AI score0.00364EPSS
Exploits0References4
CVE
CVE
added 2026/02/02 5:43 a.m.19 views

CVE-2025-13881

The CVE-2025-13881 entry describes a vulnerability in the Keycloak Admin API where an administrator with limited privileges can retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings. Affected software is Keycloak Admin API (details ...

2.7CVSS5.8AI score0.00364EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/02 5:43 a.m.24 views

CVE-2025-13881 Org.keycloak.services.resources.admin: keycloak: limited administrator can retrieve sensitive user attributes via admin api

A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings...

2.7CVSS0.00364EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/02 5:43 a.m.4 views

CVE-2025-13881 Org.keycloak.services.resources.admin: keycloak: limited administrator can retrieve sensitive user attributes via admin api

A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings...

2.7CVSS5.3AI score0.00364EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-9054

Malware in sbrugna...

6.5CVSS6.4AI score0.01724EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 5:32 a.m.5 views

CVE-2017-15948

Perch Content Management System 3.0.3 allows unrestricted file upload with resultant XSS via the Asset Title field in conjunction with the Select File field. This is exploitable with a Limited Admin account...

4.8CVSS5.3AI score0.00589EPSS
Exploits3References1
OSV
OSV
added 2024/10/02 5:15 p.m.6 views

CVE-2024-20442

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker...

5.4CVSS5.8AI score0.0037EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/02 4:53 p.m.12 views

CVE-2024-20442 Cisco Nexus Dashboard Unauthorized API Endpoints Vulnerability

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker...

5.4CVSS6.7AI score0.0037EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/02 12:0 a.m.9 views

PT-2024-8626 · Cisco · Cisco Nexus Dashboard

Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard affected versions not specified Description: A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an...

5.5CVSS6.9AI score0.0037EPSS
Exploits0References8
Prion
Prion
added 2015/09/20 8:59 p.m.24 views

Sql injection

Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection SEP before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role...

6.5CVSS8.7AI score0.01724EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2015/09/20 8:0 p.m.28 views

CVE-2014-9229

Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection SEP before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role...

8AI score0.01724EPSS
Exploits0References3
Rows per page
Query Builder