Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / org.keycloak

org.keycloak

174 tracked vulnerabilities.

CVE-2024-1722 LOW

Keycloak - Unauthenticated Account Lockout Bypass

CVE-2023-0657 LOW

Keycloak < 22.0.10 - Authenticated Token Type Confusion via Improper Signature Validation

CVE-2023-6841 HIGH

Keycloak < 24.0.0 - Denial of Service via Unlimited Attribute Values

CVE-2023-6787 MEDIUM

Keycloak < 22.0.10 - Authentication Bypass via Re-authentication Mechanism

CVE-2023-6717 MEDIUM

Keycloak < 22.0.10 - Stored Cross-Site Scripting via SAML Client Registration

CVE-2023-6544 MEDIUM

Keycloak - Unauthorized Dynamic Client Registration via TrustedDomain Regex

CVE-2023-6484 MEDIUM

Keycloak < 22.0.9 - Log Injection via WebAuthn Authentication Form

CVE-2023-3597 MEDIUM

Keycloak < 22.0.10 - Authentication Bypass via Incorrect Client Step-Up Validation

CVE-2023-6291 HIGH

Keycloak < 22.0.7 and 23.0.0-23.0.2 - Open Redirect via redirect_uri Validation Bypass

CVE-2023-2585 LOW

Keycloak - Auth Bypass

CVE-2023-6927 MEDIUM

Keycloak < 23.0.4 - Open Redirect via JARM Response Mode Form Post JWT

CVE-2023-6134 MEDIUM

Keycloak - Cross-Site Scripting

CVE-2023-6563 HIGH

Keycloak < 21.0.0 - Unconstrained Memory Consumption via Admin UI Consents Tab

CVE-2023-2422 MEDIUM

Keycloak < 21.1.2 - Improper Certificate Validation

CVE-2023-4918 HIGH

Keycloak 22.0.2 - Cleartext Transmission of Sensitive Information via User Registration Form

CVE-2023-0264 MEDIUM

Keycloak - Authenticated Session Impersonation via OpenID Connect Request Data

CVE-2023-1664 MEDIUM

Keycloak - Auth Bypass

CVE-2023-0105 MEDIUM

Keycloak - Improper Authentication via Email Trust Mismanagement

CVE-2023-0091 LOW

Keycloak - Incorrect Authorization in Client Credential Flow

CVE-2022-2232 HIGH

Keycloak LDAP Federation < 23.0.1 - LDAP Injection via Username Lookup

CVE-2022-4137 HIGH

Keycloak < 20.0.5 - Reflected Cross-Site Scripting via OAuth OOB Endpoint

CVE-2022-3916 MEDIUM

Keycloak < 20.0.2 - Insufficient Session Expiration via Offline Access Scope

CVE-2022-1438 MEDIUM

Keycloak - Cross-Site Scripting via User Impersonation

CVE-2022-4361 CRITICAL

Keycloak < 21.1.2 - Cross-Site Scripting via AssertionConsumerServiceURL or redirect_uri

CVE-2022-1274 MEDIUM

Keycloak < 20.0.5 - Cross-Site Scripting via Execute-Actions-Email Endpoint

Previous Page 4 of 7 Next

Products

keycloak-services 74 keycloak-core 48 keycloak-parent 25 keycloak-quarkus-server 9 keycloak-server-spi-private 5 keycloak-ldap-federation 4 keycloak-saml-core 4 keycloak-model-jpa 3 keycloak-saml-adapter-core 3 keycloak-model-infinispan 2 keycloak-quarkus-dist 2 keycloak-account-ui 1 keycloak-adapter-core 1 keycloak-admin-ui 1 keycloak-authz-client 1 keycloak-broker-saml 1 keycloak-common 1 keycloak-js-admin-client 1 keycloak-model-storage-services 1 keycloak-oidc-client-adapter-pom 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy