119 matches found
Brute Force
Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Brute Force via the processLoginRequest function. An attacker can gain unauthorized access by sending unlimited authentication attempts over a WebSocket connection,...
CVE-2026-31707
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate response sizes in ipcvalidatemsg ipcvalidatemsg computes the expected message size for each response type by adding or multiplying attacker-controlled fields from the daemon response to a fixed struct size in...
CVE-2026-31707 ksmbd: validate response sizes in ipc_validate_msg()
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate response sizes in ipcvalidatemsg ipcvalidatemsg computes the expected message size for each response type by adding or multiplying attacker-controlled fields from the daemon response to a fixed struct size in...
CVE-2026-31707
The CVE-2026-31707 issue affects the Linux kernel ksmbd component. The overflow vulnerability in ipc_validate_msg() arises from arithmetic on attacker-controlled fields when computing per-response message sizes, allowing wraparound in three cases (RPC_REQUEST, SHARE_CONFIG_REQUEST, LOGIN_REQUEST_...
EUVD-2026-26516
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate response sizes in ipcvalidatemsg ipcvalidatemsg computes the expected message size for each response type by adding or multiplying attacker-controlled fields from the daemon response to a fixed struct size in...
PT-2026-36337
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer overflow exists in the ipc validate msg function within the ksmbd module. The function calculates the expected message size for response types by performing unsigned integer...
CVE-2026-4631
Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...
CVE-2026-4828
Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multi-factor authentication via a crafted login request...
PT-2026-29536
Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote attacker with valid credentials to bypass multi-factor authentication via a crafted login request...
Keycloak allows authentication using an Identity Provider (IdP) even after it has been disabled by an administrator
A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider IdP even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the...
Authorization Bypass Through User-Controlled Key
Overview org.keycloak:keycloak-server-spi-private is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the IdentityBrokerService.performLogin endpoin...
GHSA-M297-3JV9-M927 Keycloak allows authentication using an Identity Provider (IdP) even after it has been disabled by an administrator
A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider IdP even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the...
EUVD-2026-9863
A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider IdP even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the...
CVE-2026-3009
A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider IdP even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the...
CVE-2026-3009
A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider IdP even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the...
org.keycloak/keycloak-services: Improper Enforcement of Disabled Identity Provider in IdentityBrokerService (Authentication Bypass)
A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider IdP even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the...
CVE-2026-3009 Org.keycloak/keycloak-services: improper enforcement of disabled identity provider in identitybrokerservice (authentication bypass)
A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider IdP even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the...
CVE-2026-3009
Keycloak’s IdentityBrokerService.performLogin path is vulnerable to an authentication bypass where an attacker can reuse a previously generated login request to authenticate via a disabled IdP. Multiple sources (Red Hat advisories RHSA-2026:3947/3948, GHSA entry) describe Improper Enforcement of ...
PT-2026-23493
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in the IdentityBrokerService.performLogin endpoint of Keycloak that allows authentication to continue using an Identity Provider IdP even after it has been administratively...
EUVD-2013-5308
Malware in sbrugna...