Lucene search
K

8 matches found

Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-14614 Keycloak-services: keycloak-services: fgap v2 client scope assignment bypass via clientresource

A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...

5.4CVSS0.00146EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/25 4:17 p.m.6 views

CVE-2026-9799 Keycloak: keycloak: unauthorized access to resources via uma permission ticket bypass

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.6 views

PT-2026-52509

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in org.keycloak.authorization allows an authenticated user who possesses a User-Managed Access UMA permission ticket for a single resource to bypass per-resource access control. By...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References8
Apache Tomcat
Apache Tomcat
added 2025/06/09 12:0 a.m.19 views

Fixed in Apache Tomcat 11.0.8

Moderate: Session fixation possible via rewrite valve CVE-2025-55668 If the rewrite valve was enabled for a web application, an attacker was able to craft a URL that, if a victim clicked on it, would cause the victim's interaction with that resource to occur in the context of the attacker's...

8.4CVSS6.8AI score0.64718EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/09/16 12:0 a.m.40 views

Debian DSA-3667-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2016-5170 A use-after-free issue was discovered in Blink/Webkit. - CVE-2016-5171 Another use-after-free issue was discovered in Blink/Webkit. - CVE-2016-5172 Choongwoo Han discovered an information leak in the v8...

8.8CVSS7.6AI score0.0186EPSS
Exploits0References16
Debian
Debian
added 2016/09/15 4:41 a.m.47 views

[SECURITY] [DSA 3667-1] chromium-browser security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3667-1 [email protected] https://www.debian.org/security/ Michael Gilbert September 15, 2016 https://www.debian.org/security/faq -...

6.8CVSS0.3AI score0.0186EPSS
Exploits0
OpenVAS
OpenVAS
added 2016/09/15 12:0 a.m.34 views

Debian Security Advisory DSA 3667-1 (chromium-browser - security update)

Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-5170 A use-after-free issue was discovered in Blink/Webkit. CVE-2016-5171 Another use-after-free issue was discovered in Blink/Webkit. CVE-2016-5172 Choongwoo Han discovered an information leak in the v8 javascript...

6.8CVSS0.4AI score0.0186EPSS
Exploits0References1
OSV
OSV
added 2016/09/05 12:0 a.m.46 views

DSA-3660-1 chromium-browser - security update

Bulletin has no description...

8.8CVSS6.8AI score0.04702EPSS
Exploits0
Rows per page
Query Builder