22 matches found
keycloak-policy-enforcer: Keycloak Policy Enforcer: Authorization bypass via incorrect URI comparison
A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...
keycloak-policy-enforcer: Keycloak Policy Enforcer: Authorization bypass via incorrect URI comparison
A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...
CVE-2026-9800
A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...
EUVD-2026-39471
A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...
CVE-2026-9800
A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...
CVE-2026-9800
CVE-2026-9800 affects Keycloak Policy Enforcer. The issue allows any authenticated user to bypass authorization checks (roles, scopes, UMA) by leveraging the configured access-denied page path in the request URL, either as a path segment or a query parameter. Root cause described in records as an...
CVE-2026-9800 Keycloak-policy-enforcer: keycloak policy enforcer: authorization bypass via incorrect uri comparison
A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...
CVE-2026-9800 Keycloak-policy-enforcer: keycloak policy enforcer: authorization bypass via incorrect uri comparison
A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...
CVE-2026-9800
A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...
PT-2026-52510
Name of the Vulnerable Software and Affected Versions Keycloak Policy Enforcer affected versions not specified Description An issue exists that allows authenticated users to bypass authorization policies, including role, scope, and User-Managed Access UMA permission checks. An attacker can gain...
CVE-2026-42999
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...
PT-2026-44464
Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions 14.0.0 through 29.0.1 Description The RBAC policy enforcer in the enforce call function unconditionally merges the raw JSON request body into the policy enforcement dictionary using policy dict.updatejson input.copy...
CVE-2026-42999
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...
CVE-2026-42999
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...
EUVD-2025-33403
A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, Security Director Policy Enforcer wil...
CVE-2025-11198
A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, Security Director Policy Enforcer wil...
CVE-2025-11198
A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, Security Director Policy Enforcer wil...
CVE-2025-11198 Security Director Policy Enforcer: An unrestricted API allows a network-based unauthenticated attacker to deploy malicious vSRX images to VMWare NSX Server
A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, Security Director Policy Enforcer wil...
CVE-2025-11198 Security Director Policy Enforcer: An unrestricted API allows a network-based unauthenticated attacker to deploy malicious vSRX images to VMWare NSX Server
A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates deployment, Security Director Policy Enforcer wil...
CVE-2025-11198
CVE-2025-11198 describes a Missing Authentication for Critical Function in Juniper Networks Security Director Policy Enforcer. An unauthenticated, network-based attacker can cause deployment of malicious vSRX images by replacing legitimate images when a trusted user initiates deployment; the atta...