Lucene search
K

5 matches found

Tenable Nessus
Tenable Nessus
added 2026/02/03 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-14559

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading...

6.5CVSS5.3AI score0.00443EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/21 6:44 a.m.2 views

Improper Enforcement of Behavioral Workflow

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Enforcement of Behavioral Workflow via the Token Exchange implementation. An attacker can obtain...

8.5CVSS5.7AI score0.00443EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/21 12:0 a.m.9 views

Keycloak security vulnerabilities

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability, which stems from a business logic flaw in the token exchange mechanism. This flaw may lead to the issuance of access and refresh tokens for disabled users,...

6.5CVSS5.8AI score0.00443EPSS
Exploits0References2
OSV
OSV
added 2025/11/27 5:47 p.m.7 views

CVE-2025-12421 Account Takeover via Code Exchange Endpoint

Mattermost versions 11.0.x = 11.0.2, 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12 fail to to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email...

9.9CVSS7.2AI score0.0031EPSS
Exploits0References3
Snyk
Snyk
added 2025/03/11 3:27 p.m.2 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to the improper validation of target registry domains during the token exchange process. An attacker can extract and misuse authentication tokens by directin...

8.2CVSS7AI score0.00445EPSS
Exploits0References2
Rows per page
Query Builder