Lucene search
+L

6 matches found

cve
cve
added 2026/07/06 10:51 p.m.11 views

CVE-2026-53644

CVE-2026-53644 (FOSSBilling) : Versions 0.5.3–0.7.2 allow authenticated clients to read and reset API key service secrets for orders not in an active state due to missing order-state validation in two client API endpoints, despite an isActive() helper existing in the Serviceapikey module. The iss...

8.6CVSS6AI score0.00251EPSS
Exploits0References1
euvd
euvd
added 2026/06/25 4:17 p.m.6 views

EUVD-2026-39474

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token RAT, could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

6.5CVSS5.9AI score0.00267EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/25 4:17 p.m.7 views

CVE-2026-9705

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token RAT, could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

6.5CVSS5.9AI score0.00267EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/06/25 4:2 p.m.10 views

CVE-2026-9705

A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token RAT, could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker...

6.5CVSS5.9AI score0.00267EPSS
Exploits0References3
euvd
euvd
added 2025/10/29 10:20 p.m.5 views

EUVD-2025-36698

ZITADEL Vulnerable to Account Takeover via Malicious Forwarded Header Injection...

8.1CVSS6.6AI score0.00345EPSS
Exploits0References3
osv
osv
added 2022/05/13 1:9 a.m.32 views

GHSA-F5CH-36RG-VFCC Cross-Site Request Forgery in Apache CXF Fediz

Apache CXF Fediz ships with an OpenId Connect OIDC service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF Cross Style Request Forgery style vulnerability has been found in this web application in Apache CXF Fediz...

8.8CVSS6.9AI score0.01136EPSS
Exploits0References10
Rows per page
Query Builder