Vulnerability List
Found 265 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-4366 | keycloak-services: Blind server-side request forgery (SSRF) via HTTP redirect handling in Keycloak | Red Hat | Red Hat Build of Keycloak | Medium | 5.8 | 2026-03-18 04:03:00 |
| CVE-2026-2575 | keycloak: Keycloak: Denial of service due to excessive SAMLRequest decompression | Red Hat | Red Hat build of Keycloak 26.4 | Medium | 5.3 | 2026-03-18 03:19:10 |
| CVE-2026-2603 | keycloak: Keycloak: Unauthorized authentication via disabled SAML identity provider | Red Hat | Red Hat build of Keycloak 26.2 | High | 8.1 | 2026-03-18 01:14:54 |
| CVE-2026-2092 | keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions | Red Hat | Red Hat build of Keycloak 26.2 | High | 7.7 | 2026-03-18 01:14:48 |
| CVE-2026-2366 | keycloak: Keycloak: Information disclosure via authorization bypass in admin API | Red Hat | Red Hat build of Keycloak 26.4 | Low | 3.1 | 2026-03-12 10:54:32 |
| CVE-2026-3429 | org.keycloak.services.resources.account: Improper access control leading to MFA deletion and account takeover in Keycloak account REST API | Red Hat | Red Hat build of Keycloak 26.4 | Medium | 4.2 | 2026-03-11 16:17:24 |
| CVE-2026-3911 | org.keycloak.services.resources.admin.UserResource: Keycloak: Information disclosure of disabled user attributes via administrative endpoint | Red Hat | Red Hat build of Keycloak 26.4 | Low | 2.7 | 2026-03-11 05:36:44 |
| CVE-2026-3047 | org.keycloak.broker.saml: Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login | Red Hat | Red Hat build of Keycloak 26.2 | High | 8.8 | 2026-03-05 18:28:36 |
| CVE-2026-3009 | org.keycloak/keycloak-services: Improper enforcement of disabled identity provider in IdentityBrokerService (authentication bypass) | Red Hat | Red Hat build of Keycloak 26.4 | High | 8.1 | 2026-03-05 18:27:43 |
| CVE-2026-3136 | Google Cloud Build Comment Control Bypass | Google Cloud | Cloud Build | - | - | 2026-03-03 16:22:55 |
| CVE-2025-12150 | org.keycloak/keycloak-services: WebAuthn attestation statement verification bypass | Keycloak | keycloak | Low | 3.1 | 2026-02-27 08:10:15 |
| CVE-2026-0871 | org.keycloak/keycloak-services: Keycloak: Unauthorized modification of unmanaged user attributes by administrators | Red Hat | Red Hat build of Keycloak 26.4 | Medium | 4.9 | 2026-02-27 07:30:27 |
| CVE-2026-2733 | org.keycloak/keycloak-services: Keycloak: Missing check on disabled client for Docker registry protocol | Red Hat | Red Hat build of Keycloak 26.4 | Low | 3.8 | 2026-02-19 07:48:09 |
| CVE-2025-11537 | keycloak-server: Sensitive headers shown in the HTTP access logs | Red Hat | Red Hat Build of Keycloak | Medium | 5.0 | 2026-02-10 10:53:28 |
| CVE-2025-14778 | keycloak: Incorrect ownership checks in /uma-policy/ | Red Hat | Red Hat build of Keycloak 26.2 | Medium | 5.4 | 2026-02-09 18:58:29 |
| CVE-2026-1529 | org.keycloak.services.resources.organizations: Keycloak: Unauthorized organization registration via improper invitation token validation | Red Hat | Red Hat build of Keycloak 26.2 | High | 8.1 | 2026-02-09 18:36:15 |
| CVE-2026-1486 | org.keycloak.protocol.oidc.grants: Disabled identity providers are still accepted for JWT authorization grant | Red Hat | Red Hat build of Keycloak 26.4 | High | 8.8 | 2026-02-09 18:36:10 |
| CVE-2026-1518 | keycloak: Blind server-side request forgery (SSRF) via CIBA backchannel notification endpoint in Keycloak | Red Hat | Red Hat Build of Keycloak | Low | 2.7 | 2026-02-02 07:17:47 |
| CVE-2025-13881 | org.keycloak.services.resources.admin: Keycloak: Limited administrator can retrieve sensitive user attributes via admin API | Red Hat | Red Hat build of Keycloak 26.4 | Low | 2.7 | 2026-02-02 05:43:23 |
| CVE-2024-4027 | undertow: OutOfMemoryError in HttpServletRequestImpl.getParameterNames() can cause remote DoS attacks | Red Hat | OpenShift Serverless | High | 7.5 | 2026-01-30 14:25:54 |