Filter
AND
-Infinity
0

Trending

Last week
Last month
Last year

maven/org.keycloak:keycloak-coreA flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not …

medium
6.5
First published (updated )
CVE-2023-0105

maven/org.keycloak:keycloak-servicesKeycloak-core: dos via account lockout

medium
5.3
First published (updated )
CVE-2024-1722

maven/org.keycloak:keycloak-ldap-federationKeycloak-ldap-federation: authentication bypass due to missing ldap bind after password reset in keycloak

medium
5.4
First published (updated )
CVE-2025-0604

KeycloakModerate: Red Hat build of Keycloak 26.0.10 Update

medium
4
First published (updated )
RHSA-2025:2545

KeycloakModerate: Red Hat build of Keycloak 26.0.10 Images Update

medium
4
First published (updated )
RHSA-2025:2544

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Red Hat KeycloakA flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Op…

medium
6.1
First published (updated )
CVE-2022-2237

Red Hat 3scaleApicast: use_3scale_oidc_issuer_endpoint of token introspection policy isn't compatible with rh-sso 7.5 or later versions

medium
6.3
First published (updated )
CVE-2024-0560

Red Hat OpenStack PlatformImpact of Terrapin SSH Attack

medium
6
First published (updated )
CVE-2023-48795

Red Hat OpenShift Container PlatformKeycloak: potential bypass of brute force protection

medium
6.5
First published (updated )
CVE-2024-4629

redhat/rh-sso7-keycloakA flaw was found in keycloak-core. This flaw considers the scenario when using X509 Client Certifica…

medium
6.5
First published (updated )
CVE-2023-1664

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Red Hat KeycloakKeycloak-core: open redirect on account page

medium
6.1
EPSS
0.04%
First published (updated )
CVE-2024-7260

redhat/keycloakKeycloak: open redirect via "form_post.jwt" jarm response mode

medium
6.1
EPSS
0.12%
First published (updated )
CVE-2023-6927

Red Hat OpenShift Container PlatformKeycloak: vulnerable redirect uri validation results in open redirec

medium
6.8
EPSS
0.24%
First published (updated )
CVE-2024-8883

maven/org.keycloak:keycloak-servicesInput Validation

medium
5.3
First published (updated )
CVE-2021-3754

Red Hat OpenShift Container PlatformKeycloak: reflected xss via wildcard in oidc redirect_uri

medium
5.4
EPSS
0.10%
First published (updated )
CVE-2023-6134

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

redhat/keycloakDue to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that…

medium
6.5
First published (updated )
CVE-2022-1466

redhat/KeycloakXSS

medium
5.4
First published (updated )
CVE-2017-12158

maven/org.keycloak:keycloak-coreXSS

medium
6.1
First published (updated )
CVE-2014-3656

JBoss Enterprise Application PlatformPotential EAP resource starvation DOS attack via GET requests for server log files

medium
6.5
First published (updated )
CVE-2016-8627

Red Hat Single Sign-On<a href="https://issues.jboss.org/browse/KEYCLOAK-3667">https://issues.jboss.org/browse/KEYCLOAK-366…

medium
6.5
First published (updated )
CVE-2016-8629

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

JBoss Enterprise Application PlatformInfoleak

medium
6.5
First published (updated )
CVE-2017-2582

Red Hat Single Sign-OnInfoleak

medium
5.9
First published (updated )
CVE-2017-2585

maven/org.keycloak:keycloak-parentXSS

medium
5.4
First published (updated )
CVE-2018-14655

redhat/KeycloakA Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an…

medium
4.9
First published (updated )
CVE-2018-10912

maven/org.keycloak:keycloak-servicesIt was found that SAML authentication in Keycloak incorrectly authenticated expired certificates. A …

medium
5.5
First published (updated )
CVE-2018-10894

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

redhat/rh-sso7-keycloakInfoleak

medium
4.3
First published (updated )
CVE-2019-14820

redhat/keycloak-nodejs-connectIt was found that Keycloak's Node.js adapter did not properly verify the web token received from the…

medium
5.5
First published (updated )
CVE-2019-10157

redhat/keycloackA vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verificatio…

medium
6.5
First published (updated )
CVE-2019-3875

redhat/rh-sso7-keycloakA flaw was found in keycloak where it is possible to update the user's metadata attributes using Acc…

medium
4.9
First published (updated )
CVE-2020-27826

maven/org.keycloak:keycloak-coreClient registration endpoints should not allow fetching information about public clients without aut…

medium
6.5
First published (updated )
CVE-2020-27838

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203