5 matches found
EUVD-2025-12660
Malicious code in bioql PyPI...
Improper Certificate Validation
org.keycloak:keycloak-services is vulnerable to Improper Certificate Validation. The vulnerability is due to insecure default configuration due to setting the verification policy to 'ALL', which unintentionally skips trust store certificate verification...
CVE-2025-3501
A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended...
CVE-2025-3501
CVE-2025-3501 affects Keycloak. A trust-store verification bypass occurs when the verification policy is set to ALL, causing the trust store certificate check to be skipped. Related data (GHSA-HW58-3793-42GG) shows a similar trust-verification bypass in Keycloak (hostname verification), illustrat...
CVE-2025-3501
A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended. Mitigation Use the correct TLS configuration and avoid using "--tls-hostname-verifier=any"...