16 matches found

Positive Technologies
added 2026/04/22 12:00 a.m., 2 views

PT-2026-34453

Name of the Vulnerable Software and Affected Versions: OpenRemote versions prior to 1.22.1. Description: A user possessing the write:admin role in one Keycloak realm can utilize the Manager API to update Keycloak realm roles for users in a different realm, including the master realm. The issue exist...

CVSS 7, AI score 5.8, EPSS 0.00021
Exploits 1, References 7
Github Security Blog
added 2026/03/11 6:31 a.m., 3 views

Keycloak: Information disclosure of disabled user attributes via administrative endpoint

A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized...

CVSS 2.7, AI score 5.7, EPSS 0.00013
Exploits 0, References 9, Affected Software 1
EUVD
added 2026/03/11 6:31 a.m., 1 views

EUVD-2026-11107

A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized...

CVSS 2.7, AI score 5.7, EPSS 0.00013
Exploits 0, References 3
Vulnrichment
added 2026/03/11 5:36 a.m., 1 views

CVE-2026-3911 Org.keycloak.services.resources.admin.userresource: keycloak: information disclosure of disabled user attributes via administrative endpoint

A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized...

CVSS 2.7, AI score 5.7, EPSS 0.00013
Exploits 0, References 2
CVE
added 2026/03/11 5:36 a.m., 10 views

CVE-2026-3911

CVE-2026-3911 describes an information-disclosure flaw in Keycloak. An authenticated user with the view-users role can access a specific administrative endpoint in the UserResource component and retrieve user attributes configured as hidden, exposing sensitive data. The published CVSS v3.1 score ...

CVSS 2.7, AI score 5.7, EPSS 0.00013
Exploits 0, References 4, Affected Software 1
RedhatCVE
added 2026/01/07 9:41 a.m., 3 views

CVE-1999-0319

Buffer overflow in xmcd 2.1 allows local users to gain access through a user resource setting...

CVSS 7.2, AI score 7.2, EPSS 0.00175
Exploits 0, References 1
VulnCheck KEV
added 2023/09/28 12:00 a.m., 1 views

VulnCheck KEV: CVE-2018-14667

Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via...

CVSS 9.8, AI score 7.4, EPSS 0.89462
Exploits 6, References 1
Veracode
added 2023/07/14 8:59 a.m., 15 views

Authorization Bypass

pimcore/customer-management-framework-bundle is vulnerable to Authorization Bypasses. The application uses improper authorization checks, allowing a malicious user to bypass the authorization mechanisms while trying to access a resource or perform actions...

CVSS 6.5, AI score 6.9, EPSS 0.00002
Exploits 1, References 3, Affected Software 1
OSV
added 2021/01/15 9:15 p.m., 17 views

CVE-2021-21246

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However, for the /users/id endpoint there are no security checks enforced, so it is possible to retrieve...

CVSS 7.5, AI score 7
Exploits 0, References 2
CVE
added 2019/08/15 4:47 p.m., 41 views

CVE-2018-12101

CVE-2018-12101 affects CMS Clipper 1.3.3 with cross-site scripting in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields. The available documents do not specify the exact vulnerability type (stored vs. reflected), root cause, affected components beyond tho...

CVSS 5.4, AI score 5.2, EPSS 0.00339
Exploits 1, References 3, Affected Software 1
Cvelist
added 2019/08/15 4:47 p.m., 10 views

CVE-2018-12101

CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields...

AI score 5.3, EPSS 0.00339
Exploits 1, References 3
OSV
added 2018/11/06 10:29 p.m., 0 views

CVE-2018-14667

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData...

CVSS 9.8, AI score 6.1, EPSS 0.89462
Exploits 6, References 9
CNVD
added 2016/09/04 12:00 a.m., 2 views

SQL injection vulnerability in BlogManage/Resource/UserForResourceList.aspx page of Shanghai Hongyu Information Technology Co.

ECS education site system is a general-purpose CMS developed by Shanghai Hongyu Information Technology Co., Ltd. as a site-building system for schools and other educational institutions. The product's BlogManage/Resource/UserForResourceList.aspx page has a SQL injection vulnerability; an attacker registers an...

AI score 7.8
Exploits 0, References 1
seebug.org
added 2014/07/01 12:00 a.m., 24 views

wu-ftpd 2.4/2.5/2.6, Trolltech ftpd 1.2, ProFTPD 1.2, BeroFTPD 1.3.4 FTP glob Expansion Vulnerability

No description provided by source. Source: http://www.securityfocus.com/bid/2496/info. Many FTP servers are vulnerable to a denial of service condition resulting from poor globbing algorithms and user resource usage limits. Globbing generates pathnames from file name patterns used by the shell, eg...

AI score 7.1
Exploits 0
exploitpack
added 2001/03/15 12:00 a.m., 14 views

WU-FTPD 2.4/2.5/2.6, Trolltech ftpd 1.2, ProFTPd 1.2, BeroFTPD 1.3.4 FTP - glob Expansion

WU-FTPD 2.4/2.5/2.6, Trolltech ftpd 1.2, ProFTPd 1.2, BeroFTPD 1.3.4 FTP - glob Expansion. Source: https://www.securityfocus.com/bid/2496/info. Many FTP servers are vulnerable to a denial of service condition resulting from poor globbing algorithms and user resource usage limits. Globbing generates...

AI score 7.4
Exploits 0
NVD
added 1996/10/01 4:00 a.m., 4 views

CVE-1999-0319

Buffer overflow in xmcd 2.1 allows local users to gain access through a user resource setting...

CVSS 7.2, EPSS 0.00175
Exploits 0, References 1