VIR Vulnerability Intelligence Relay

Package impact

java Maven / org.keycloak:keycloak-services

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-3911 low 2.7 2.7 3mo ago Keycloak: Information disclosure of disabled user attributes via administrative endpoint javaredhat
CVE-2026-37977 unknown 2mo ago Keycloak vulnerable to information disclosure via CORS header injection due to unvalidated JWT azp claim java
CVE-2026-4634 unknown 2mo ago Keycloak: Application-Level DoS via Scope Processing java
CVE-2026-4636 unknown 2mo ago Keycloak: UMA Policy Resource Injection Allows Unauthorized Cross-User Permission Grants java
CVE-2026-4282 unknown 2mo ago Keycloak: Privilege escalation via forged authorization codes due to SingleUseObjectProvider isolation flaw java
CVE-2026-3872 unknown 2mo ago Keycloak: Redirect URI validation bypass via ..;/ path traversal in OIDC auth endpoint java
CVE-2026-3121 unknown 2mo ago Keycloak: manage-clients permission escalates to full realm admin access java
CVE-2026-4628 unknown 2mo ago Keycloak has Improper Access Control that allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false java
CVE-2026-3429 unknown 3mo ago Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API java
CVE-2025-12150 unknown 3mo ago Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass java
CVE-2026-2733 unknown 3mo ago Keycloak: Missing Check on Disabled Client for Docker Registry Protocol java
CVE-2026-1529 unknown 4mo ago Keycloak affected by improper invitation token validation java
CVE-2026-1486 unknown 4mo ago Keycloak fails to verify if an Identity Provider (IdP) is enabled before issuing tokens java
CVE-2025-14778 unknown 4mo ago Keycloak Affected by Broken Access Control Vulnerability in the UserManagedPermissionService java
CVE-2025-13881 unknown 4mo ago Keycloak Admin API allows an administrator with limited privileges to retrieve sensitive custom attributes java
CVE-2026-1190 unknown 4mo ago Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods java
CVE-2025-14083 unknown 4mo ago Keycloak Admin REST API exposes backend schema and rules java
CVE-2025-14082 unknown 6mo ago Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions java
CVE-2025-12110 unknown 7mo ago Keycloak does not invalidate offline sessions when the offline_access scope is removed java
CVE-2025-11429 unknown 7mo ago Keycloak does not invalidate sessions when "Remember Me" is disabled java
CVE-2025-3910 unknown 1y ago Keycloak vulnerable to two factor authentication bypass java
CVE-2025-3501 unknown 1y ago Keycloak hostname verification java
CVE-2024-7341 unknown 2y ago Keycloak has session fixation in Elytron SAML adapters java
CVE-2024-4629 unknown 2y ago Keycloak Services has a potential bypass of brute force protection java
CVE-2024-1722 unknown 2y ago Keycloak Denial of Service via account lockout java
CVE-2021-3754 unknown 2y ago Keycloak's improper input validation allows using email as username java
CVE-2024-3656 unknown 2y ago Keycloak's admin API allows low privilege users to use administrative functions java
CVE-2024-4540 unknown 2y ago Keycloak exposes sensitive information in Pushed Authorization Requests (PAR) java
CVE-2023-0657 unknown 2y ago Keycloak vulnerable to impersonation via logout token exchange java
CVE-2023-6787 unknown 2y ago Keycloak vulnerable to session hijacking via re-authentication java
CVE-2024-1132 unknown 2y ago Keycloak path traversal vulnerability in redirection validation java
CVE-2023-6484 unknown 2y ago Keycloak vulnerable to log Injection during WebAuthn authentication or registration java
CVE-2023-6544 unknown 2y ago Keycloak Authorization Bypass vulnerability java
CVE-2023-6717 unknown 2y ago Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow java
CVE-2023-3597 unknown 2y ago Keycloak secondary factor bypass in step-up authentication java
CVE-2023-6134 unknown 3y ago Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri java
CVE-2022-2232 unknown 3y ago Keycloak vulnerable to LDAP Injection on UsernameForm Login java
CVE-2023-2422 unknown 3y ago Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients java
CVE-2022-4361 unknown 3y ago Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC java
CVE-2023-2585 unknown 3y ago Client Spoofing within the Keycloak Device Authorisation Grant java
CVE-2023-0264 unknown 3y ago Keycloak vulnerable to user impersonation via stolen UUID code java
CVE-2014-3652 unknown 4y ago JBoss KeyCloak Open Redirect java
CVE-2022-1245 unknown 4y ago Keycloak vulnerable to privilege escalation on Token Exchange feature java
CVE-2020-10776 unknown 4y ago Cross-site Scripting in keycloak java
CVE-2021-4133 unknown 4y ago Improper Authorization in Keycloak java