Github Security Blog
added 2025/11/25 6:32 p.m., 8 views

Duplicate Advisory: Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4hx9-48xh-5mxr. This link is maintained to preserve external references. Original Description A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm...

CVSS 5.5 | AI score 6.3 | EPSS 0.00062
Exploits 0 | References 11 | Affected Software 1
OSV
added 2025/11/25 6:32 p.m., 0 views

GHSA-93VM-MQPW-8WH3 Duplicate Advisory: Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4hx9-48xh-5mxr. This link is maintained to preserve external references. Original Description A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm...

CVSS 5.5 | AI score 5.9 | EPSS 0.00062
Exploits 0 | References 11
OSV
added 2025/11/25 6:12 p.m., 1 view

GO-2025-4133 Mattermost allows other users to determine when users had read channels via channel member objects in github.com/mattermost/mattermost-server

Mattermost allows other users to determine when users had read channels via channel member objects in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is...

CVSS 3.5 | AI score 6.6 | EPSS 0.00023
Exploits 0 | References 8
OSV
added 2025/11/25 4:16 p.m., 1 view

CVE-2025-13467

A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration...

CVSS 5.5 | AI score 6.4 | EPSS 0.00062
Exploits 0 | References 8
RedHat Linux
added 2025/11/25 4:07 p.m., 17 views

org.keycloak.storage.ldap: Keycloak: Deserialization of Untrusted Data in LDAP User Federation

A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration...

CVSS 5.5 | AI score 5.8 | EPSS 0.00062
Exploits 0 | References 6
RedHat Linux
added 2025/11/25 4:06 p.m., 0 views

org.keycloak.storage.ldap: Keycloak: Deserialization of Untrusted Data in LDAP User Federation

A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration...

CVSS 5.5 | AI score 5.8 | EPSS 0.00062
Exploits 0 | References 6
Vulnrichment
added 2025/11/25 4:02 p.m., 3 views

CVE-2025-13467 Org.keycloak.storage.ldap: keycloak: deserialization of untrusted data in ldap user federation

A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration...

CVSS 5.5 | AI score 6.1 | EPSS 0.00062
Exploits 0 | References 8
CVE
added 2025/11/25 4:02 p.m., 10 views

CVE-2025-13467

CVE-2025-13467 affects Keycloak's LDAP User Federation provider. An authenticated realm administrator can trigger deserialization of untrusted Java objects by supplying a malicious LDAP server configuration. Public documentation in connected advisories confirms this is an admin-triggered de...

CVSS 5.5 | AI score 6.1 | EPSS 0.00062
Exploits 0 | References 8
Positive Technologies
added 2025/11/25 12:00 a.m., 2 views

PT-2025-48039

Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw exists in the Keycloak LDAP User Federation provider that allows an authenticated realm administrator to trigger deserialization of untrusted Java objects. This is achieved through a...

CVSS 5.5 | AI score 6.3 | EPSS 0.00062
Exploits 0 | References 20
CNNVD
added 2025/11/25 12:00 a.m., 2 views

Red Hat build of Keycloak security vulnerability

Red Hat build of Keycloak is a web application for single sign-on from Red Hat, Inc. A security vulnerability exists in Red Hat build of Keycloak version 26.2, which originates from deserializing untrusted Java objects and could lead to remote code execution...

CVSS 5.5 | AI score 7.5 | EPSS 0.00062
Exploits 0 | References 6
Redos
added 2025/11/25 12:00 a.m., 6 views

ROS-20251125-12

Vulnerability of QuerySet and Q objects of Django web application development platform is related to failure to take measures to protect the SQL query structure when processing an argument with the connector keyword. Exploitation of the vulnerability could allow an attacker acting remotely to...

CVSS 9.1 | AI score 7.1 | EPSS 0.00296
Exploits 10
Malwarebytes
added 2025/11/21 6:45 p.m., 4 views

AI teddy bear for kids responds with sexual content and advice about weapons

In testing, FoloToy’s AI teddy bear jumped from friendly chat to sexual topics and unsafe household advice. It shows how easily artificial intelligence can cross serious boundaries. It’s a fair moment to ask whether AI-powered stuffed animals are appropriate for children. It’s easy to get swept u...

AI score 6.6
Exploits 0
CNNVD
added 2025/11/20 12:00 a.m., 1 view

CouchAuth security vulnerability

CouchAuth is a Perfood open source authentication API. A security vulnerability exists in CouchAuth version 0.21.2, which stems from session tokens and passwords being stored in JavaScript objects and not explicitly cleared, which could lead to sensitive data disclosure and session hijacking...

CVSS 6.5 | AI score 6.4 | EPSS 0.0002
Exploits 0 | References 4
EUVD
added 2025/11/18 6:32 p.m., 3 views

EUVD-2025-198045

Mattermost allows other users to determine when users had read channels via channel member objects...

CVSS 3 | AI score 6.3 | EPSS 0.00023
Exploits 0 | References 7
OSV
added 2025/11/18 6:32 p.m., 2 views

GHSA-9HH7-6558-QFP2 Mattermost allows other users to determine when users had read channels via channel member objects

Mattermost versions 10.11.x <= 10.11.3, and 10.5.x <= 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

CVSS 3 | AI score 6.4 | EPSS 0.00023
Exploits 0 | References 9
Github Security Blog
added 2025/11/18 6:32 p.m., 13 views

Mattermost allows other users to determine when users had read channels via channel member objects

Mattermost versions 10.11.x <= 10.11.3, and 10.5.x <= 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

CVSS 3.5 | AI score 6.5 | EPSS 0.00023
Exploits 0 | References 8 | Affected Software 2
CVE
added 2025/11/18 3:23 p.m., 13 views

CVE-2025-55074

Mattermost server (versions 10.11.x <= 10.11.3 and 10.5.x

CVSS 3.5 | AI score 6.4 | EPSS 0.00023
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2025/11/18 3:23 p.m., 2 views

CVE-2025-55074 Channel member objects leak read status

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to enforce access permissions on the Agents plugin which allows other users to determine when users had read channels via channel member objects...

CVSS 3 | AI score 6.4 | EPSS 0.00023
Exploits 0 | References 1
RedHat Linux
added 2025/11/18 9:02 a.m., 0 views

kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction. The commit 59c68ac31e15 "iwcm: free cm_id resources on the last deref" simplified cm_id resource management by freeing cm_id once all references to the cm_id were...

CVSS 7.8 | AI score 5.7 | EPSS 0.00063
Exploits 0 | References 5
Positive Technologies
added 2025/11/18 12:00 a.m., 9 views

PT-2025-47329

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.11; Mattermost versions 10.11.x through 10.11.3. Description: The Mattermost application does not properly enforce access permissions within the Agents plugin. This allows other users to determine when user...

CVSS 3.5 | AI score 6.5 | EPSS 0.00023
Exploits 0 | References 12