19 matches found

OSV
added 2026/05/19 12:31 p.m. · 9 views

GHSA-4X37-HW65-52W8 Keycloak: Information disclosure via OIDC token introspection endpoint audience bypass

A flaw was found in Keycloak. This access control vulnerability in Keycloak's OpenID Connect OIDC token introspection endpoint allows a confidential client to bypass audience restrictions. An attacker-controlled client with valid credentials can retrieve sensitive token claims intended for other...

6.5 CVSS · 5.7 AI score · 0.00366 EPSS
Exploits 0 · References 8
CVE
added 2026/04/22 8:31 p.m. · 18 views

CVE-2026-41166

Summary of CVE-2026-41166 : OpenRemote prior to v1.22.1 allows a user with the OpenRemote Keycloak realm role write:admin in one realm to call the Manager API and update realm roles for users in a different realm, including the master realm. The underlying issue is that the handler uses the {real...

7 CVSS · 5.7 AI score · 0.00285 EPSS
Exploits 1 · References 2 · Affected Software 1
ATTACKERKB
added 2026/04/22 8:31 p.m. · 6 views

CVE-2026-41166

OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has write:admin in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including master. The handler uses the realm path segment when talking to the...

7 CVSS · 5.7 AI score · 0.00285 EPSS
Exploits 1 · References 3 · Affected Software 1
EUVD
added 2025/10/07 12:30 a.m. · 7 views

EUVD-2017-1253

Malware in sbrugna...

8.8 CVSS · 8.8 AI score · 0.01087 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2025-27027

Malicious code in bioql PyPI...

2.7 CVSS · 3.7 AI score
Exploits 0 · References 5
NVD
added 2025/09/05 8:15 p.m. · 4 views

CVE-2025-10043

Rejected reason: Considered by the maintainers a bug scenario experienced rather than a vulnerability...

Exploits 0
Microsoft CVE
added 2025/09/03 10:00 p.m. · 6 views

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.

...

9.8 CVSS · 7 AI score · 0.01421 EPSS
Exploits 0
Tenable Nessus
added 2025/08/19 12:00 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-4404

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the...

9.1 CVSS · 7.5 AI score · 0.01827 EPSS
Exploits 1 · References 3
OSV
added 2025/06/17 2:15 p.m. · 2 views

DEBIAN-CVE-2025-4404

A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the krbCanonicalName for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a...

9.1 CVSS · 8.4 AI score · 0.01827 EPSS
Exploits 1 · References 1
OSV
added 2025/06/17 2:15 p.m. · 3 views

UBUNTU-CVE-2025-4404

A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the krbCanonicalName for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a...

9.1 CVSS · 5.7 AI score · 0.01827 EPSS
Exploits 1 · References 15
RedhatCVE
added 2025/05/22 1:58 a.m. · 10 views

CVE-2016-4426

In zulip before 1.3.12, bot API keys were accessible to other users in the same realm...

4.3 CVSS · 6.9 AI score · 0.00445 EPSS
Exploits 0 · References 1
OSV
added 2024/06/11 7:16 p.m. · 6 views

CVE-2024-28022

A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account...

6.5 CVSS · 5.9 AI score · 0.00358 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2023/09/27 3:16 p.m. · 1 view

CVE-2023-0456

A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information...

7.5 CVSS · 7 AI score · 0.0064 EPSS
Exploits 1 · References 3
SUSE CVE
added 2023/03/21 3:13 a.m. · 3 views

SUSE CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...

8.4 CVSS · 9.4 AI score · 0.01421 EPSS
Exploits 0 · References 3
OSV
added 2023/03/13 1:15 a.m. · 2 views

DEBIAN-CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...

9.8 CVSS · 8.2 AI score · 0.01421 EPSS
Exploits 0 · References 1
OSV
added 2023/03/13 1:15 a.m. · 3 views

UBUNTU-CVE-2023-28154

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...

9.8 CVSS · 7.2 AI score · 0.01421 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/03/13 12:00 a.m. · 4 views

PT-2023-21600 · Webpack +3

Name of the Vulnerable Software and Affected Versions: Webpack versions prior to 5.76.0 Description: The issue concerns cross-realm object access. Specifically, the ImportParserPlugin.js mishandles the magic comment feature, allowing an attacker who controls a property of an untrusted object to...

9.8 CVSS · 6.5 AI score · 0.0183 EPSS
Exploits 0 · References 40
RedHat Linux
added 2020/06/04 1:06 p.m. · 12 views

keycloak: cross-realm user access auth bypass

A flaw was found in the Keycloak REST API where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks...

7.5 CVSS · 5.8 AI score · 0.0054 EPSS
Exploits 0 · References 4
RedHat Linux
added 2020/05/18 10:24 a.m. · 3 views

keycloak: cross-realm user access auth bypass

A flaw was found in the Keycloak REST API where it would permit user access from a realm the user was not configured. An authenticated attacker with knowledge of a user id could use this flaw to access unauthorized information or to carry out further attacks...

7.5 CVSS · 5.8 AI score · 0.0054 EPSS
Exploits 0 · References 4