Filter
AND
-Infinity
0

Trending

Last week
Last month
Last year

KeycloakA trusted client with long-lived JWT tokens can cause memory exhaustion in Keycloak due to unbounded…

medium
4
First published (updated )
REDHAT-BUG-2353868

maven/org.keycloak:keycloak-servicesKeycloak-services: improper authorization in keycloak organization mapper allows unauthorized organization claims

medium
5.4
First published (updated )
CVE-2025-1391

KeycloakThe issue arises because Keycloak does not perform an LDAP bind after a password reset, leading to p…

medium
4
First published (updated )
REDHAT-BUG-2338993

KeycloakModerate: Red Hat build of Keycloak 26.0.10 Update

medium
4
First published (updated )
RHSA-2025:2545

KeycloakModerate: Red Hat build of Keycloak 26.0.10 Images Update

medium
4
First published (updated )
RHSA-2025:2544

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

KeycloakA potential Denial of Service (DoS) vulnerability has been identified in Keycloak, which could allow…

medium
4
First published (updated )
REDHAT-BUG-2328846

KeycloakModerate: Red Hat build of Keycloak 26.0.8 Images Update

medium
4
First published (updated )
RHSA-2025:0299

KeycloakModerate: Red Hat build of Keycloak 26.0.8 Update

medium
4
First published (updated )
RHSA-2025:0300

KeycloakA vulnerability was found in Keycloak-services package. If untrusted data is passed to the method (S…

medium
4
First published (updated )
REDHAT-BUG-2321214

KeycloakIt is possible to configure Keycloak in such a manner that any application with a 'Valid Redirect UR…

medium
4
First published (updated )
REDHAT-BUG-2312511

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

redhat/keycloakInfoleak

medium
5.5
First published (updated )
CVE-2019-3868

KeycloakThe env option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the jgroups replication configura…

medium
4
First published (updated )
REDHAT-BUG-2324361

KeycloakKeycloak does not correctly validate its client step-up authentication. A password-authed attacker c…

medium
4
First published (updated )
REDHAT-BUG-2221760

redhat/rh-sso7-keycloakKeycloak: xss on impersonation under specific circumstances

medium
6.4
First published (updated )
CVE-2022-1438

redhat/keycloak-httpd-client-installkeycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local a…

medium
5.5
First published (updated )
CVE-2017-15111

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

KeycloakModerate: Red Hat build of Keycloak 22.0.12 Images Update

medium
4
First published (updated )
RHSA-2024:6500

KeycloakModerate: Red Hat build of Keycloak 22.0.12 Update

medium
4
First published (updated )
RHSA-2024:6501

KeycloakModerate: Red Hat build of Keycloak 24.0.7 Update

medium
4
First published (updated )
RHSA-2024:6503

KeycloakModerate: Red Hat build of Keycloak 24.0.7 Images Update

medium
4
First published (updated )
RHSA-2024:6502

KeycloakCSRF

medium
4.3
First published (updated )
CVE-2014-3655

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

maven/org.keycloak:keycloak-servicesJBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.

medium
6.1
First published (updated )
CVE-2014-3652

maven/org.keycloak:keycloak-coreA flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not n…

medium
6.1
First published (updated )
CVE-2018-14658

redhat/rh-sso7-keycloakInput Validation

medium
5.4
First published (updated )
CVE-2020-35509

redhat/rh-sso7-keycloakA flaw was found in Keycloak, where an external identity provider, after successful authentication, …

medium
4.9
First published (updated )
CVE-2020-14302

KeycloakA community-only flaw was found where a malicious user can register himself and then uses the "remov…

medium
6.5
First published (updated )
CVE-2020-10686

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

redhat/rh-sso7-keycloakA flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authenticatio…

medium
6.8
First published (updated )
CVE-2020-1744

redhat/rh-sso7-keycloakA flaw was found in Keycloak’s Admin Console, where it is missing HTTP security headers in HTTP resp…

medium
5.8
First published (updated )
CVE-2020-1728

redhat/keycloakInput Validation

medium
6.4
First published (updated )
CVE-2020-1727

KeycloakA flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a r…

medium
5.5
First published (updated )
CVE-2020-1725

redhat/keycloakInfoleak

medium
5.5
First published (updated )
CVE-2020-1698

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203