
7 matches found

RedhatCVE
added 2026/05/19 10:28 a.m. | 5 views

CVE-2026-4630

A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference (IDOR) vulnerability in the Authorization Services Protection API endpoint. By knowing or obtaining a resource's unique identifier (UUID) belonging to another Resource Server within the same realm,...

CVSS 6.8 | AI score 5.6 | EPSS 0.00011
Exploits: 0 | References: 3
Snyk
added 2026/03/11 12:17 a.m. | 1 views

Incorrect Authorization

Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Incorrect Authorization in the Keycloak authentication adapter due to missing validation of the azp claim in access tokens...

CVSS 8.8 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 2
OSV
added 2023/08/04 6:15 p.m. | 2 views

CVE-2023-0264

A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue...

CVSS 5 | AI score 5.8 | EPSS 0.03942
Exploits: 1 | References: 1
RedHat Linux
added 2023/03/01 10:2 p.m. | 2 views

keycloak: user impersonation via stolen uuid code

A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issu...

CVSS 5 | AI score 6.3 | EPSS 0.03942
Exploits: 1 | References: 4
RedHat Linux
added 2023/03/01 9:58 p.m. | 3 views

keycloak: user impersonation via stolen uuid code

A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issu...

CVSS 5 | AI score 6.3 | EPSS 0.03942
Exploits: 1 | References: 4
RedHat Linux
added 2023/03/01 9:45 p.m. | 3 views

keycloak: user impersonation via stolen uuid code

A flaw was found in Keycloak's OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issu...

CVSS 5 | AI score 6.3 | EPSS 0.03942
Exploits: 1 | References: 4
OSV
added 2003/04/02 5:0 a.m. | 1 views

DEBIAN-CVE-2003-0072

The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array, aka "array overrun"...

CVSS 5 | AI score 6.5 | EPSS 0.01252
Exploits: 0 | References: 1