CVE-2026-14209 Keycloak-admin-ui: keycloak-admin-ui: keycloak: admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions FGAPv2 are enabled, an administrator who should only be able to search for users but not view their full details can use a...

Role Delegation - Moderately critical - Access bypass - SA-CONTRIB-2026-002

This module allows site administrators to grant specific roles the authority to assign selected roles to users, without them needing the "administer permissions" permission. The module contains an access bypass vulnerability when used in combination with the Views Bulk Operations module. A user...

PT-2026-2979

Name of the Vulnerable Software and Affected Versions Drupal Role Delegation versions 1.3.0 through 1.4.9 Description A privilege escalation issue exists in the Role Delegation module. The module allows site administrators to grant specific roles the authority to assign selected roles to users,...

CVE-2023-22903

api/views/user.py in LibrePhotos before e19e539 has incorrect access control...