org.keycloak:keycloak-server-spi-private and org.keycloak:keycloak-services are vulnerable to Improper Authorization. The vulnerability exists under certain pre-conditions which allows an attacker to ...
July 07, 2023
org.keycloak:keycloak-services is vulnerable to Improper Certificate Validation. The vulnerability exists in the `authenticateClient` function of `X509ClientAuthenticator.java` because it does not pro ...
July 07, 2023
### Impact

All versions of @fastify/oauth2 used a statically generated `state` parameter at startup time and were used across all requests for all users. The purpose of the OAuth2 `state` parameter is ...

July 07, 2023
Novu provides an API for sending notifications through multiple channels. Versions prior to 0.16.0 contain an open redirect vulnerability in the "Sign In with GitHub" functionality o ...
July 07, 2023
league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey cons ...
July 07, 2023
Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication byp ...
July 01, 2023
In today's fast-paced digital landscape, the widespread adoptio ...

July 01, 2023