
15 matches found

RedHat Linux
added 2026/06/25 6:47 p.m. · 6 views

keycloak: Keycloak: Attacker can re-enable and take over disabled clients via Registration Access Token

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token (RAT), could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

CVSS 6.5 · AI score 5.9 · EPSS 0.00267
Exploits 0 · References 4
RedHat Linux
added 2026/06/25 6:47 p.m. · 44 views

Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.6.4 Security Update

New Red Hat build of Keycloak 26.6.4 packages are available from the Customer Portal. Red Hat build of Keycloak 26.6.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security fixes...

CVSS 8.8 · AI score 5.9 · EPSS 0.00519
Exploits 1 · References 1
RedHat Linux
added 2026/06/25 5:36 p.m. · 5 views

keycloak: Keycloak: Attacker can re-enable and take over disabled clients via Registration Access Token

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token (RAT), could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

CVSS 6.5 · AI score 5.8 · EPSS 0.00267
Exploits 0 · References 4
NVD
added 2026/06/25 5:17 p.m. · 9 views

CVE-2026-9705

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token (RAT), could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

CVSS 6.5 · EPSS 0.00267
Exploits 0 · References 6
ATTACKERKB
added 2026/06/25 4:17 p.m. · 5 views

CVE-2026-9705

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token (RAT), could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

CVSS 6.5 · AI score 5.9 · EPSS 0.00267
Exploits 0 · References 7
CVE
added 2026/06/25 4:17 p.m. · 10 views

CVE-2026-9705

Affected software & component: Keycloak – client registration service. Vulnerability: An attacker with a previously issued Registration Access Token (RAT) can re-enable a client that an administrator had disabled. This bypasses security controls and allows the attacker to reset the client’s secre...

CVSS 6.5 · AI score 5.9 · EPSS 0.00267
Exploits 0 · References 6 · Affected Software 1
Cvelist
added 2026/06/25 4:17 p.m. · 35 views

CVE-2026-9705 Keycloak: keycloak: attacker can re-enable and take over disabled clients via registration access token

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token (RAT), could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

CVSS 6.5 · EPSS 0.00267
Exploits 0 · References 6
EUVD
added 2026/06/25 4:17 p.m. · 5 views

EUVD-2026-39474

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token (RAT), could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

CVSS 6.5 · AI score 5.9 · EPSS 0.00267
Exploits 0 · References 2
RedhatCVE
added 2026/06/25 4:2 p.m. · 6 views

CVE-2026-9705

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token (RAT), could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

CVSS 6.5 · AI score 5.9 · EPSS 0.00267
Exploits 0 · References 3
Positive Technologies
added 2026/06/25 12:0 a.m. · 7 views

PT-2026-52508

Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw in the client registration service allows a remote attacker with a previously issued Registration Access Token (RAT) to re-enable a client that was explicitly disabled by an...

CVSS 6.5 · AI score 5.8 · EPSS 0.00267
Exploits 0 · References 8
EUVD
added 2026/04/22 3:31 p.m. · 7 views

EUVD-2026-24744

Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise th...

CVSS 8.7 · AI score 5.8 · EPSS 0.0027
Exploits 0 · References 2
NVD
added 2025/03/07 8:15 a.m. · 7 views

CVE-2025-1309

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uipsaveformasoption function in all versions up to, and including, 3.5.04...

CVSS 8.8 · EPSS 0.00429
Exploits 0 · References 3
Cvelist
added 2024/11/08 12:0 a.m. · 15 views

CVE-2023-27195

Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tmajax.msw?func=UserfromUUID&uuid= to retrieve the last registration access code and use this access code to register a valid account via a PUT /inc/tmajax.msw request. If the access code was used to create an Administrator...

EPSS 0.01018
Exploits 2 · References 2
OSV
added 2024/10/10 2:15 a.m. · 5 views

CVE-2024-9518

The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'formactions' and 'userplusupdateuserprofile' functions. This makes it possible for unauthenticated attackers to specify their user role by supplyin...

CVSS 9.8 · AI score 5.8 · EPSS 0.00503
Exploits 0 · References 2
Positive Technologies
added 2023/07/19 12:0 a.m. · 6 views

PT-2023-25932 · Weintek · Weintek Weincloud

Name of the Vulnerable Software and Affected Versions: Weintek Weincloud version 0.13.6. Description: The issue allows an attacker to abuse the registration functionality to log in with testing credentials to the official website. Recommendations: For Weintek Weincloud version 0.13.6, consider...

CVSS 8.8 · AI score 8.5 · EPSS 0.00511
Exploits 0 · References 5