| CVE-2014-3709 | high | 8.8 | 8.8 | | | | 9y ago | JBoss Keycloak CSRF Vulnerability |
| CVE-2026-7504 | high | 8.1 | 8.1 | | | | 17d ago | Keycloak: Open redirect when using wildcard valid redirect URIs in Keycloak |
| CVE-2026-2603 | high | — | 8.0 | | | | 3mo ago | Keycloak: Unauthorized authentication via disabled SAML Identity Provider |
| CVE-2021-3424 | high | — | 8.0 | | | | 4y ago | Keycloak is vulnerable to IDN homograph attack |
| CVE-2026-7507 | high | 7.5 | 7.5 | | | | 17d ago | Keycloak: Session fixation in OIDC login flow that can lead to account takeover |
| CVE-2024-1249 | high | 7.4 | 7.4 | | | | 2y ago | A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seco… |
| CVE-2026-7571 | high | 7.1 | 7.1 | | | | 17d ago | Keycloak: Access token disclosure and implicit flow bypass via forged client data |
| CVE-2025-7365 | high | 7.1 | 7.1 | | | | 11mo ago | Keycloak phishing attack via email verification step in first login flow |