Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/05/27 10:35 a.m.10 views

CVE-2026-9689 Keycloak: org.keycloak.protocol.oidc: http parameter pollution in oidc redirect uri allows response parameter duplication - #ghi-604

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers URIs, a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...

4.2CVSS5.8AI score0.00213EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 a.m.8 views

CVE-2019-13562

D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/pingresponse.cgi pingipaddr parameter, the /www/ping6response.cgi ping6ipaddr parameter, and the /www/applysec.cgi htmlresponsereturnpage parameter...

6.1CVSS7.1AI score0.0177EPSS
Exploits1References1
NVD
NVD
added 2023/01/03 3:15 a.m.23 views

CVE-2022-46304

ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary...

8.8CVSS9.2AI score0.01507EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/06/10 4:51 p.m.4 views

picketlink: URL injection via xinclude parameter

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks...

9CVSS5.6AI score0.00927EPSS
Exploits0References4
Rows per page
Query Builder