15 matches found

ATTACKERKB
added 2026/04/22 8:31 p.m. | 6 views

CVE-2026-41166

OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has write:admin in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including master. The handler uses the realm path segment when talking to the...

CVSS: 7 | AI score: 5.7 | EPSS: 0.00285
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2025/12/16 5:2 a.m. | 34 views

CVE-2025-14777 Keycloak: keycloak idor in realm client creating/deleting

A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer client ID provided in the A...

CVSS: 6 | EPSS: 0.00315
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2021-2173

Malware in sbrugna...

CVSS: 7.2 | AI score: 6.2 | EPSS: 0.01153
Exploits: 0 | References: 5
OSV
added 2022/03/22 10:21 a.m. | 9 views

SUSE-SU-2022:0934-1 Security update for binutils

This update for binutils fixes the following issues: - For compatibility on old code stream that expect 'brcl 0,label' to not be disassembled as 'jgnop label' on s390x. bsc1192267 This reverts IBM zSeries HLASM support for now. - Fixed that ppc64 optflags did not enable LTO bsc1188941. - Fix empt...

CVSS: 7.8 | AI score: 6.6 | EPSS: 0.03412
Exploits: 12 | References: 34
OSV
added 2021/11/04 11:29 a.m. | 11 views

SUSE-SU-2021:3616-1 Security update for binutils

This update for binutils fixes the following issues: Update to binutils 2.37: The GNU Binutils sources now requires a C99 compiler and library to build. Support for Realm Management Extension RME for AArch64 has been added. A new linker option '-z report-relative-reloc' for x86 ELF targets has be...

CVSS: 6.3 | AI score: 5.8 | EPSS: 0.01287
Exploits: 10 | References: 28
OSV
added 2021/11/04 11:29 a.m. | 10 views

OPENSUSE-SU-2021:3616-1 Security update for binutils

This update for binutils fixes the following issues: Update to binutils 2.37: The GNU Binutils sources now requires a C99 compiler and library to build. Support for Realm Management Extension RME for AArch64 has been added. A new linker option '-z report-relative-reloc' for x86 ELF targets has be...

CVSS: 6.3 | AI score: 6.3 | EPSS: 0.01287
Exploits: 10 | References: 28
OPENSUSE Linux
added 2021/11/04 12:0 a.m. | 58 views

Security update for binutils (moderate)

openSUSE Security Update: Security update for binutils Announcement ID: openSUSE-SU-2021:3616-1 Rating: moderate References: 1179898 1179899 1179900 1179901 1179902 1179903 1180451 1180454 1180461 1181452 1182252 1183511 1184620 1184794 PM-2767 SLE-18637 SLE-19618 SLE-21561 Cross-References:...

CVSS: 6.3 | AI score: 7.2 | EPSS: 0.01287
Exploits: 10 | References: 18
Veracode
added 2021/10/22 9:21 a.m. | 26 views

Privilege Escalation

keycloak is vulnerable to privilege escalation. The realm management interface permits unauthorised setting up of scripts via the policy, allowing an attacker to inject and execute a malicious script with the permissions of the application user...

CVSS: 7.2 | AI score: 4.9 | EPSS: 0.01153
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2021/10/21 5:46 p.m. | 23 views

GHSA-7M27-3587-83XF Privilege Defined With Unsafe Actions in Keycloak

A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the...

CVSS: 7.2 | AI score: 7 | EPSS: 0.01153
Exploits: 0 | References: 3
NVD
added 2020/05/08 2:15 p.m. | 35 views

CVE-2019-10170

A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the...

CVSS: 7.2 | AI score: 6.7 | EPSS: 0.01153
Exploits: 0 | References: 1
OSV
added 2020/05/08 2:15 p.m. | 33 views

CVE-2019-10170

A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the...

CVSS: 7.2 | AI score: 7.1 | EPSS: 0.01153
Exploits: 0 | References: 1
Prion
added 2020/05/08 2:15 p.m. | 24 views

Design/Logic Flaw

A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the...

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.01153
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2020/05/08 1:47 p.m. | 33 views

CVE-2019-10170

A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the...

CVSS: 6.6 | AI score: 7 | EPSS: 0.01153
Exploits: 0 | References: 1
RedhatCVE
added 2020/04/30 7:40 p.m. | 41 views

CVE-2019-10170

A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the...

CVSS: 6.5 | AI score: 4 | EPSS: 0.01153
Exploits: 0 | References: 3
RedHat Linux
added 2019/10/14 6:59 p.m. | 2 views

keycloak: script execution via realm management policy trigger

A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the...

CVSS: 7.2 | AI score: 6.1 | EPSS: 0.01153
Exploits: 0 | References: 4