Filter
-Infinity
0

Trending

Last week
Last month
Last year

Keycloak 26.2End of life

First published (updated )
EOL-keycloak-26.2

redhat/rh-sso7-keycloakPath Traversal

critical
9.1
First published (updated )
CVE-2022-3782

maven/org.keycloak:keycloak-coreKeycloak-core: stored xss in keycloak when creating a items in admin console

low
3.8
First published (updated )
CVE-2024-4028

KeycloakA trusted client with long-lived JWT tokens can cause memory exhaustion in Keycloak due to unbounded…

medium
4
First published (updated )
REDHAT-BUG-2353868

maven/org.keycloak:keycloak-servicesKeycloak-services: improper authorization in keycloak organization mapper allows unauthorized organization claims

medium
5.4
First published (updated )
CVE-2025-1391

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

KeycloakThe issue arises because Keycloak does not perform an LDAP bind after a password reset, leading to p…

medium
4
First published (updated )
REDHAT-BUG-2338993

KeycloakModerate: Red Hat build of Keycloak 26.0.10 Update

medium
4
First published (updated )
RHSA-2025:2545

KeycloakModerate: Red Hat build of Keycloak 26.0.10 Images Update

medium
4
First published (updated )
RHSA-2025:2544

KeycloakA potential security flaw in the "checkLoginIframe" which allows unvalidated cross-origin messages, …

high
7
First published (updated )
REDHAT-BUG-2262918

KeycloakDeployments of Keycloak with a reverse proxy not using pass-through termination of TLS, with mTLS en…

high
7
First published (updated )
REDHAT-BUG-2319217

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

KeycloakAn issue was found in the redirect_uri validation logic that allows for a bypass of otherwise explic…

high
7
First published (updated )
REDHAT-BUG-2251407

Keycloak 26.1Reached end of life

First published (updated )
EOL-keycloak-26.1

KeycloakA potential Denial of Service (DoS) vulnerability has been identified in Keycloak, which could allow…

medium
4
First published (updated )
REDHAT-BUG-2328846

KeycloakModerate: Red Hat build of Keycloak 26.0.8 Images Update

medium
4
First published (updated )
RHSA-2025:0299

KeycloakModerate: Red Hat build of Keycloak 26.0.8 Update

medium
4
First published (updated )
RHSA-2025:0300

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

KeycloakThe SAML signature validation method in Keycloak uses the position of the signature within the XML d…

high
7
First published (updated )
REDHAT-BUG-2311641

KeycloakKeycloak versions 26 and earlier are vulnerable to a denial-of-service (DoS) attack through improper…

low
1
First published (updated )
REDHAT-BUG-2317440

KeycloakA vulnerability was found in Keycloak-services package. If untrusted data is passed to the method (S…

medium
4
First published (updated )
REDHAT-BUG-2321214

KeycloakIt is possible to configure Keycloak in such a manner that any application with a 'Valid Redirect UR…

medium
4
First published (updated )
REDHAT-BUG-2312511

maven/org.keycloak:keycloak-corePlaintext storage of user password

high
8.8
First published (updated )
CVE-2023-4918

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

redhat/keycloakInfoleak

medium
5.5
First published (updated )
CVE-2019-3868

KeycloakImportant: Red Hat build of Keycloak 26.0.6 Images Update

high
7
First published (updated )
RHSA-2024:10177

KeycloakImportant: Red Hat build of Keycloak 24.0.9 Images Update

high
7
First published (updated )
RHSA-2024:10175

KeycloakImportant: Red Hat build of Keycloak 26.0.6 Update

high
7
First published (updated )
RHSA-2024:10178

KeycloakImportant: Red Hat build of Keycloak 24.0.9 Update

high
7
First published (updated )
RHSA-2024:10176

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

KeycloakThe env option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the jgroups replication configura…

medium
4
First published (updated )
REDHAT-BUG-2324361

Keycloak 26.0Reached end of life

First published (updated )
latest-version-keycloak-26.0

Keycloak 26.0Reached end of life

First published (updated )
EOL-keycloak-26.0

KeycloakKeycloak does not correctly validate its client step-up authentication. A password-authed attacker c…

medium
4
First published (updated )
REDHAT-BUG-2221760

KeycloakUsers with low privileges (just plain users in the realm) are able to utilize administrative functio…

high
7
First published (updated )
REDHAT-BUG-2274403

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203