5 matches found
CVE-2026-16103
Keycloak CVE-2026-16103 affects the keycloak-services component. It describes an incomplete fix for CVE-2026-9798: brute-force protection checks were added to the CIBA initiation path but omitted from the token redemption path. As a result, an attacker with valid client credentials can obtain acc...
CVE-2026-22746
Vulnerability in Spring Spring Security. If an application is using the UserDetailsisEnabled, isAccountNonExpired, or isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, o...
Vikunja 安全漏洞
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja from 0.18.0 to 2.2.1 had security vulnerabilities. These vulnerabilities stemmed from insufficient validation of user status during certain authentication processes, allowing users who were already...
CVE-2023-22492 RefreshToken invalidation vulnerability
ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without the need for interacting with a UI. RefreshTokens were not invalidated when a user was locked or deactivated. The...
PT-2023-18543 · Zitadel · Zitadel
Name of the Vulnerable Software and Affected Versions: ZITADEL versions prior to 2.16.4 ZITADEL versions prior to 2.17.3 Description: ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's...