Lucene search
K

7 matches found

RedHat Linux
RedHat Linux
added 2026/06/10 5:38 p.m.11 views

keycloak: Keycloak: Information disclosure due to user profile permission bypass

A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied,...

2.7CVSS5.3AI score0.00348EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/05 7:52 a.m.12 views

EUVD-2026-34790

A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied,...

2.7CVSS5.4AI score0.00348EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 7:52 a.m.8 views

CVE-2026-9088

A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied,...

2.7CVSS5.4AI score0.00348EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 a.m.11 views

CVE-2026-9088

A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied,...

2.7CVSS5AI score0.00348EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-54317

Malicious code in bioql PyPI...

7.6CVSS6.6AI score0.00289EPSS
Exploits1References2
NVD
NVD
added 2025/03/27 7:15 p.m.14 views

CVE-2024-55073

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

7.6CVSS0.00289EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/27 12:0 a.m.22 views

CVE-2024-55073

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

0.00289EPSS
Exploits1References2
Rows per page
Query Builder