ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +170 more potentially affected by CVE-2025-8419 via org.keycloak:keycloak-services (>=10.0.0 <=26.2.5)

org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.0.1, =1.0.2 and more Source cves: CVE-2025-8419 Source advisory: OSV:GHSA-M4J5-5X4R-2XP9...

CVE-2024-0668

The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'processbulkaction' function. This makes it possible for authenticated attacker, with administrator access and above, ...

Discourse 信息泄露漏洞

Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. An information disclosure vulnerability exists in Discourse discourse-group-membership-ip-block, which originates from sending all group customization fields to the...

Deserialization of untrusted data

Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges such as subscribers to use the tpncrender AJAX action to inject arbitrary PHP objects via the optionsinlineedits parameter. NOTE: exploitability depends on PH...