CVE-2024-11831
- EPSS 0.6%
- Published 10.02.2025 16:15:37
- Last modified 04.06.2025 23:15:20
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. T...
CVE-2024-1132
- EPSS 0.24%
- Published 17.04.2024 14:15:07
- Last modified 30.06.2025 13:58:57
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain ...
CVE-2023-6291
- EPSS 0.2%
- Published 26.01.2024 15:15:08
- Last modified 21.11.2024 08:43:32
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate o...
CVE-2023-44487
- EPSS 94.44%
- Published 10.10.2023 14:15:10
- Last modified 11.06.2025 17:29:54
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2022-4492
- EPSS 0.12%
- Published 23.02.2023 20:15:12
- Last modified 12.03.2025 15:15:38
The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol...