| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-1391 | Keycloak-services: improper authorization in keycloak organization mapper allows unauthorized organization claims | - | - | Medium | 5.4 | 2025-02-17 14:01:35 | Deep Dive |
| CVE-2025-23367 | Org.wildfly.core:wildfly-server: wildfly improper rbac permission | - | - | Medium | 6.5 | 2025-01-30 14:30:04 | Deep Dive |
| CVE-2025-0604 | Keycloak-ldap-federation: authentication bypass due to missing ldap bind after password reset in keycloak | - | - | Medium | 5.4 | 2025-01-22 14:34:46 | Deep Dive |
| CVE-2024-11736 | Org.keycloak:keycloak-quarkus-server: unrestricted admin use of system and environment variables | - | - | Medium | 4.9 | 2025-01-14 08:36:09 | Deep Dive |
| CVE-2024-11734 | Org.keycloak:keycloak-quarkus-server: denial of service in keycloak server via security headers | - | - | Medium | 6.5 | 2025-01-14 08:35:42 | Deep Dive |
| CVE-2024-10973 | Keycloak: cli option for encrypted jgroups ignored | - | - | Medium | 5.7 | 2024-12-17 22:59:39 | Deep Dive |
| CVE-2024-12397 | Io.quarkus.http/quarkus-http-core: quarkus http cookie smuggling | - | - | High | 7.4 | 2024-12-12 09:05:28 | Deep Dive |
| CVE-2024-12369 | Elytron-oidc-client: oidc authorization code injection | - | - | Medium | 4.2 | 2024-12-09 20:53:09 | Deep Dive |
| CVE-2024-53843 | Reflected XSS Vulnerability in Authentication Flow URL Handling in @dapperduckling/keycloak-connector-server | DapperDuckling | keycloak-connector | High | 8.1 | 2024-11-25 23:18:59 | Deep Dive |
| CVE-2024-10492 | Keycloak-quarkus-server: keycloak path trasversal | - | - | 低危 | - | 2024-11-25 07:37:31 | Deep Dive |
| CVE-2024-10270 | Org.keycloak:keycloak-services: keycloak denial of service | - | - | Medium | 6.5 | 2024-11-25 07:37:05 | Deep Dive |
| CVE-2024-10451 | Org.keycloak:keycloak-quarkus-server: sensitive data exposure in keycloak build process | Red Hat | Red Hat build of Keycloak 24 | Medium | 5.9 | 2024-11-25 07:37:05 | Deep Dive |
| CVE-2024-9666 | Org.keycloak/keycloak-quarkus-server: keycloak proxy header handling denial-of-service (dos) vulnerability | - | - | Medium | 4.7 | 2024-11-25 07:29:52 | Deep Dive |
| CVE-2023-0657 | Keycloak: impersonation via logout token exchange | - | - | Low | 3.4 | 2024-11-17 10:19:04 | Deep Dive |
| CVE-2024-10234 | Wildfly: wildfly vulnerable to cross-site scripting (xss) | - | - | Medium | 6.1 | 2024-10-22 13:17:58 | Deep Dive |
| CVE-2024-3656 | Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities | - | - | High | 8.1 | 2024-10-09 18:59:11 | Deep Dive |
| CVE-2024-8883 | Keycloak: vulnerable redirect uri validation results in open redirec | - | - | Medium | 6.1 | 2024-09-19 15:48:28 | Deep Dive |
| CVE-2024-8698 | Keycloak-saml-core: improper verification of saml responses leading to privilege escalation in keycloak | - | - | High | 7.7 | 2024-09-19 15:48:18 | Deep Dive |
| CVE-2024-7341 | Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters | - | - | High | 7.1 | 2024-09-09 18:51:14 | Deep Dive |
| CVE-2024-7318 | Keycloak-core: one time passcode (otp) is valid longer than expiration timeseverity | - | - | Medium | 4.8 | 2024-09-09 18:50:37 | Deep Dive |