Lucene search
K

5 matches found

NVD
NVD
added 2026/06/22 4:16 p.m.11 views

CVE-2026-8823

Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to validate bot targets when demoting users to guests which allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API.. Mattermost Advisory ID: MMSA-2026-00669...

3.8CVSS0.00231EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/20 11:23 a.m.10 views

keycloak: org.keycloak.services: Keycloak: Information Disclosure via evaluate-scopes Admin API

A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID userId parameter. This vulnerability allows for cross-role personally identifiable information PII leakage,...

4.9CVSS5.9AI score0.00398EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/19 10:52 a.m.14 views

EUVD-2026-30882

A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID userId parameter. This vulnerability allows for cross-role personally identifiable information PII leakage,...

4.9CVSS5.9AI score0.00398EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/19 10:47 a.m.12 views

CVE-2026-37978

A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID userId parameter. This vulnerability allows for cross-role personally identifiable information PII leakage,...

4.9CVSS5.8AI score0.00398EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.12 views

PT-2026-41869

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in the Admin API allows a low-privilege administrator with the 'view-clients' role to cause cross-role personally identifiable information PII leakage. By invoking the 'evaluate-scope...

4.9CVSS5.9AI score0.00398EPSS
Exploits0References6
Rows per page
Query Builder