8 matches found
CVE-2026-14614 Keycloak-services: keycloak-services: fgap v2 client scope assignment bypass via clientresource
A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...
CVE-2026-9799 Keycloak: keycloak: unauthorized access to resources via uma permission ticket bypass
A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...
PT-2026-52509
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in org.keycloak.authorization allows an authenticated user who possesses a User-Managed Access UMA permission ticket for a single resource to bypass per-resource access control. By...
Fixed in Apache Tomcat 11.0.8
Moderate: Session fixation possible via rewrite valve CVE-2025-55668 If the rewrite valve was enabled for a web application, an attacker was able to craft a URL that, if a victim clicked on it, would cause the victim's interaction with that resource to occur in the context of the attacker's...
Debian DSA-3667-1 : chromium-browser - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2016-5170 A use-after-free issue was discovered in Blink/Webkit. - CVE-2016-5171 Another use-after-free issue was discovered in Blink/Webkit. - CVE-2016-5172 Choongwoo Han discovered an information leak in the v8...
[SECURITY] [DSA 3667-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3667-1 [email protected] https://www.debian.org/security/ Michael Gilbert September 15, 2016 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3667-1 (chromium-browser - security update)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-5170 A use-after-free issue was discovered in Blink/Webkit. CVE-2016-5171 Another use-after-free issue was discovered in Blink/Webkit. CVE-2016-5172 Choongwoo Han discovered an information leak in the v8 javascript...
DSA-3660-1 chromium-browser - security update
Bulletin has no description...