11 matches found

RedHat Linux · added 2026/02/09 8:37 p.m. · 2 views

org.keycloak.services.resources.organizations: Keycloak: Unauthorized organization registration via improper invitation token validation

A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token (JWT) payload. This lack of cryptographic signature verification allows the attacker to successfully self-register into an...

CVSS 8.1 · AI score 5.8 · EPSS 0.00013 · Exploits 2 · References 4
RedHat Linux · added 2026/02/09 8:36 p.m. · 2 views

org.keycloak.services.resources.organizations: Keycloak: Unauthorized organization registration via improper invitation token validation

A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token (JWT) payload. This lack of cryptographic signature verification allows the attacker to successfully self-register into an...

CVSS 8.1 · AI score 5.8 · EPSS 0.00013 · Exploits 2 · References 4
CVE · added 2026/02/09 6:36 p.m. · 374 views

CVE-2026-1529

CVE-2026-1529 affects Keycloak. An attacker can craft/modify a legitimate invitation token’s JWT payload to change the organization ID and target email, exploiting a lack of cryptographic signature verification to self-register into an unauthorized organization and gain access. The vulnerability ...

CVSS 8.1 · AI score 5.5 · EPSS 0.00013 · Exploits 2 · References 6
NVD · added 2026/02/03 8:15 p.m. · 3 views

CVE-2025-62601

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflow,...

CVSS 7.5 · EPSS 0.00014 · Exploits 0 · References 4
EUVD · added 2026/02/03 7:20 p.m. · 2 views

EUVD-2025-206657

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflow,...

CVSS 6.3 · AI score 5.7 · EPSS 0.00018 · Exploits 0 · References 4
CVE · added 2026/02/03 7:20 p.m. · 14 views

CVE-2025-62602

CVE-2025-62602 affects Fast DDS (DDS implementation in C++). When security mode is enabled, a vulnerability in the DATA Submessage of SPDP packets allows heap buffer overflow through tampering with PID_IDENTITY_TOKEN or PID_PERMISSIONS_TOKEN fields, specifically via readOctetVector reading an unc...

CVSS 7.5 · AI score 5.7 · EPSS 0.00018 · Exploits 0 · References 4 · Affected Software 1
OSV · added 2026/02/03 7:11 p.m. · 4 views

CVE-2025-62600 FastDDS has Out-of-Memory in readPropertySeq via Manipulated DATA Submessage when DDS Security is enabled

Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM)...

CVSS 6.3 · AI score 5.5 · EPSS 0.0002 · Exploits 0 · References 7
CNNVD · added 2025/09/21 12:00 a.m. · 2 views

Webkul QloApps security vulnerability

Webkul QloApps is a hotel reservation management software from Webkul. A security vulnerability exists in Webkul QloApps version 1.7.0 and earlier, which stems from the incorrect manipulation of the parameter token in the CSRF Token Handler component, which could lead to authorization bypass...

CVSS 6.9 · AI score 5.3 · EPSS 0.0009 · Exploits 1 · References 6
OSV · added 2024/09/19 6:07 p.m. · 2 views

CLSA-2024-1726769233 krb5: Fix of 2 CVEs

CVE-2024-37370: prevent modification of Extra Count field in GSS krb5 wrap token to avoid appearing truncated to application - CVE-2024-37371: fix invalid memory reads during GSS message token handling...

CVSS 9.1 · AI score 7 · EPSS 0.02606 · Exploits 0 · References 1
Positive Technologies · added 2023/11/14 12:00 a.m. · 5 views

PT-2023-12086 · Suse · Suse

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to the failure to validate the value in APCB, which may allow a privileged attacker to tamper with the APCB token. This tampering...

CVSS 9.8 · AI score 6.5 · EPSS 0.88482 · Exploits 11 · References 73
CNVD · added 2019/11/27 12:00 a.m. · 2 views

CSRF Magic has an unspecified vulnerability

CSRF Magic is a CSRF (Cross Site Request Forgery) protection library for PHP applications. A security vulnerability in the 'csrfcallback' function in CSRF Magic 2016-03-27 and prior versions stems from a program that allows an attacker to tamper with csrf token values. A remote attacker can exploit...

CVSS 8.8 · AI score 7 · EPSS 0.00047 · Exploits 1 · References 1