CVE-2025-10044
CVE-2025-10044 affects Keycloak: error_description injection on error pages allows arbitrary text to be rendered in the UI, enabling phishing-like messages (e.g., fake support numbers/URLs) without XSS. The issue is mitigated by HTML encoding but still enables deceptive content within the trusted...