
7 matches found

GitHub Security Blog
added 2025/12/02 1:21 a.m., 6 views

Keycloak unable to restrict access to the admin console

A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized paths to access the /admin application path relative to...

CVSS 3.7, AI score 6.2, EPSS 0.00013
Exploits 0, References 7, Affected Software 1
OSV
added 2025/12/02 1:21 a.m., 2 views

GHSA-VJR8-56P3-FMQQ Keycloak unable to restrict access to the admin console

A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized paths to access the /admin application path relative to...

CVSS 3.7, AI score 5.8, EPSS 0.00013
Exploits 0, References 7
OSV
added 2025/10/28 6:31 a.m., 1 views

GHSA-C6CM-5GC7-C3F4 Duplicate Advisory: Keycloak allows access to admin path through flaw

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-j4vq-q93m-4683. This link is maintained to preserve external references. Original Description: A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the...

CVSS 3.7, AI score 5.7, EPSS 0.00013
Exploits 0, References 8
OSV
added 2025/10/28 4:16 a.m., 1 views

CVE-2025-10939

A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized paths to access the /admin application path relative to...

CVSS 3.7, AI score 5.7, EPSS 0.00013
Exploits 0, References 6
Snyk
added 2025/10/28 3:46 a.m., 3 views

Uncontrolled Search Path Element

Overview: Affected versions of this package are vulnerable to Uncontrolled Search Path Element via the /admin application path relative to /realms when accessed through a proxy that does not properly restrict or normalize URLs. An attacker can gain unauthorized access to sensitive administrative...

CVSS 6.3, AI score 6.7, EPSS 0.00013
Exploits 0, References 2
CVE
added 2025/10/28 3:8 a.m., 7 views

CVE-2025-10939

Keycloak is affected by a path traversal vulnerability (CVE-2025-10939) that can expose the admin console path via relative or non-normalized URLs (e.g., /realms/../admin/), potentially bypassing proxy restrictions intended to block /admin. Multiple sources (including GHSA entry and Nessus plugin...

CVSS 3.7, AI score 6.2, EPSS 0.00013
Exploits 0, References 6
Positive Technologies
added 2025/10/28 12:0 a.m., 3 views

PT-2025-44084

Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw exists in Keycloak where the /admin path can be accessed via a proxy, such as ha-proxy, by using relative or non-normalized paths. Keycloak documentation advises against exposing the...

CVSS 3.7, AI score 6.5, EPSS 0.00013
Exploits 0, References 16