
Keycloak Keycloak
Keycloak: keycloak: denial of service via malformed LDAP password policy response

Risk 22
Severity 4.9
EPSS 0.25%
First published (updated )

Keycloak Keycloak
Keycloak: keycloak: brute-force protection bypass in CIBA flow

Risk 16
Severity 4.3
EPSS 0.05%
First published (updated )

Keycloak Keycloak
Keycloak: keycloak: unauthorized account access via replayed refresh tokens after cluster restart

Risk 38
Severity 6.8
EPSS 0.04%
First published (updated )

Keycloak Keycloak
A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage…

Risk 19
Severity 4
First published (updated )

Keycloak Keycloak
Keycloak: keycloak: denial of service via malformed authorization header

Risk 19
Severity 5.3
EPSS 0.10%
First published (updated )
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Keycloak Keycloak
A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker c…

Risk 19
Severity 4
First published (updated )

Keycloak Keycloak
Keycloak: keycloak: privilege escalation via time-of-check to time-of-use (TOCTOU) vulnerability

Risk 37
Severity 6.5
EPSS 0.03%
First published (updated )

Keycloak Keycloak
A flaw was found in Keycloak. An authenticated administrator with the `manage-clients` role can expl…

Risk 19
Severity 4
First published (updated )

Keycloak Keycloak
Keycloak: keycloak: privilege escalation via improper scope mapping enforcement

Risk 38
Severity 7.3
EPSS 0.03%
First published (updated )

Keycloak Keycloak
Summary: Under FGAPv2, the ScopeMappedResource and ScopeMappedClientResource write endpoints (add an…

Risk 33
Severity 7
First published (updated )

Keycloak Keycloak
Keycloak: keycloak: information disclosure via SAML ECP endpoint

Risk 19
Severity 5.3
EPSS 0.04%
First published (updated )

Keycloak Keycloak
A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by s…

Risk 19
Severity 4
First published (updated )

Keycloak Keycloak
Keycloak: keycloak: security policy bypass in JWE-encrypted request object processing

Risk 31
Severity 7.5
EPSS 0.01%
First published (updated )

Keycloak Keycloak
Keycloak: keycloak: security restriction bypass allows unauthorized ROPC token acquisition

Risk 28
Severity 6.5
EPSS 0.04%
First published (updated )

Keycloak Keycloak
A flaw was found in Keycloak's Client Policies, specifically within the `org.keycloak.protocol.oidc`…

Risk 19
Severity 4
First published (updated )

Keycloak Keycloak
Keycloak-rhel9: organization data leak after feature disabled in Keycloak

Risk 16
Severity 4.3
EPSS 0.03%
First published (updated )

Keycloak Keycloak
Summary: When organizationsEnabled is set to false at the realm level, Keycloak correctly blocks th…

Risk 19
Severity 4
First published (updated )

Keycloak Keycloak
Keycloak: keycloak: privilege escalation due to oversized subject_token JWT

Risk 56
Severity 8.8
EPSS 0.04%
First published (updated )

Keycloak Keycloak
Keycloak: org.keycloak.protocol.oidc: HTTP parameter pollution in OIDC redirect URI allows response parameter duplication - #ghi-604

Risk 21
Severity 4.2
EPSS 0.07%
First published (updated )

Keycloak Keycloak
Keycloak: keycloak: information disclosure due to user profile permission bypass

Risk 12
Severity 2.7
EPSS 0.01%
First published (updated )

Keycloak Keycloak
A flaw was found in org.keycloak.services. An administrator with delegated access to read group memb…

Risk 5
Severity 1
First published (updated )

Keycloak Keycloak
Keycloak: cross-session email verification proof not bound to upstream identity in first-broker-login

Risk 42
Severity 8.1
EPSS 0.03%
First published (updated )

Keycloak Keycloak
A flaw was found in Keycloak. The cross-session verification proof is keyed only by (local userId, i…

Risk 19
Severity 4
First published (updated )

Keycloak Keycloak
org.keycloak/keycloak-services: keycloak: org.keycloak.protocol.oidc: security flaw in org.keycloak/keycloak-services

Risk 25
Severity 5.4
EPSS 0.01%
First published (updated )

Keycloak Keycloak
Keycloak: keycloak: denial of service via specially crafted SAML input

Risk 31
Severity 7.5
EPSS 0.04%
First published (updated )

Keycloak Keycloak
A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML in…

Risk 33
Severity 7
First published (updated )

Keycloak Keycloak
Keycloak: keycloak: access token disclosure and implicit flow bypass via forged client data

Risk 35
Severity 7.1
EPSS 0.01%
First published (updated )

Keycloak Keycloak
A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID…

Risk 19
Severity 4
First published (updated )

Keycloak Keycloak
Keycloak: keycloak: privilege escalation via partialImport FGAP permission bypass

Risk 66
Severity 7.2
First published (updated )

Keycloak Keycloak
Privilege escalation in Keycloak via POST /admin/realms/{realm}/partialImport. The endpoint bypasses…

Risk 33
Severity 7
First published (updated )

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203