Where
-Infinity
0

Trending

Last week
Last month
Last year

redhat Build Of KeycloakOrg.keycloak.broker.saml: keycloak saml broker: authentication bypass due to disabled saml client completing idp-initiated login

Risk 57
Severity
8.8
EPSS
0.43%
First published (updated )
CVE-2026-3047

redhat Build Of KeycloakOrg.keycloak/keycloak-services: keycloak: unauthorized modification of unmanaged user attributes by administrators

Risk 30
Severity
4.9
First published (updated )
CVE-2026-0871

redhat Build Of KeycloakOrg.keycloak/keycloak-services: webauthn attestation statement verification bypass

Risk 17
Severity
3.1
First published (updated )
CVE-2025-12150

maven/org.keycloak:keycloak-servicesOrg.keycloak/keycloak-services: keycloak smtp inject vulnerability

Risk 28
Severity
6.5
EPSS
0.07%
First published (updated )
CVE-2025-8419

maven/org.keycloak:keycloak-servicesKeycloak: phishing attack via email verification step in first login flow

Risk 49
Severity
7.1
EPSS
0.02%
First published (updated )
CVE-2025-7365
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

maven/org.keycloak:keycloak-servicesWildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters

Risk 53
Severity
8.1
EPSS
0.24%
First published (updated )
CVE-2024-7341

maven/org.keycloak:keycloak-coreKeycloak-core: open redirect on account page

Risk 28
Severity
6.1
EPSS
0.04%
First published (updated )
CVE-2024-7260

maven/org.keycloak:keycloak-servicesKeycloak: potential bypass of brute force protection

Risk 42
Severity
6.5
First published (updated )
CVE-2024-4629

maven/org.keycloak:keycloak-servicesKeycloak: path transversal in redirection validation

Risk 62
Severity
8.1
First published (updated )
CVE-2024-1132

maven/org.keycloak:keycloak-coreKeycloak: amount of attributes per object is not limited and it may lead to dos

Risk 46
Severity
7.5
First published (updated )
CVE-2023-6841
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Fortinet FortiSIEMOpenSSH Terrapin attack (CVE-2023-48795)

Risk 37
Severity
6
First published (updated )
CVE-2023-48795

redhat Single Sign-onKeycloak: redirect_uri validation bypass

Risk 52
Severity
7.1
First published (updated )
CVE-2023-6291

redhat Single Sign-onKeycloak: reflected xss via wildcard in oidc redirect_uri

Risk 26
Severity
5.4
EPSS
0.10%
First published (updated )
CVE-2023-6134

redhat/rh-sso7-keycloakA flaw was found in Keycloak version from 12.0.0 and before 15.1.1 which allows an attacker with any…

Risk 81
Severity
8.8
First published (updated )
CVE-2021-4133

redhat/rh-sso7-keycloakKeycloak: xss on impersonation under specific circumstances

Risk 59
Severity
6.4
First published (updated )
CVE-2022-1438
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

redhat/keycloakXSS

Risk 39
Severity
6.1
First published (updated )
CVE-2021-20323

redhat KeycloakPath Traversal

Risk 23
Severity
4.3
First published (updated )
CVE-2021-3856

redhat/rh-sso7-keycloakA flaw was found in keycloak, where the default ECP binding flow allows other authentication flows t…

Risk 54
Severity
6.8
First published (updated )
CVE-2021-3827

maven/org.keycloak:keycloak-servicesInput Validation

Risk 28
Severity
5.3
First published (updated )
CVE-2021-3754

maven/org.keycloak:keycloak-coreRe-authentication is missing while updating the password. This may cause account takeover if any att…

Risk 64
Severity
6.8
First published (updated )
CVE-2021-20262
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

redhat/rh-sso7-keycloakA flaw was found in keycloak-model-infinispan where the authenticationSessions map in RootAuthentica…

Risk 45
Severity
7.5
First published (updated )
CVE-2021-3637

maven/org.keycloak:keycloak-coreClient registration endpoints should not allow fetching information about public clients without aut…

Risk 39
Severity
6.5
First published (updated )
CVE-2020-27838

redhat/rh-sso7-keycloakXSS

Risk 30
Severity
4.8
First published (updated )
CVE-2020-10776

redhat/rh-sso7-keycloakSSRF

Risk 30
Severity
5.8
First published (updated )
CVE-2020-10770

redhat/rh-sso7-keycloakDoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, a…

Risk 44
Severity
7.5
First published (updated )
CVE-2020-10758
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

redhat/RHSSOXSS

Risk 38
Severity
6.1
First published (updated )
CVE-2020-10748

redhat/keycloakCSRF

Risk 18
Severity
3.3
First published (updated )
CVE-2020-10734

maven/org.keycloak:keycloak-parentA flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack.

Risk 22
Severity
4
First published (updated )
CVE-2020-1717

redhat/keycloakInfoleak

Risk 34
Severity
5.5
First published (updated )
CVE-2020-1698

redhat/KeycloakIt was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh …

Risk 67
Severity
7.2
First published (updated )
CVE-2017-12160
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203