cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-2419,https://securityvulnerability.io/vulnerability/CVE-2024-2419,Bypass of Redirect URI Validation in Keycloak May Lead to Access Token Theft,"A security flaw in Keycloak's implementation of the redirect_uri validation logic could enable attackers to bypass predefined host restrictions. This flaw allows for potential access token theft, which may lead attackers to impersonate legitimate users. The vulnerability is noteworthy due to its similarities to previous issues that were exploited, highlighting the need for immediate remediation in the affected versions of Keycloak.",Red Hat,"Upstream,Red Hat Build Of Keycloak 22",7.1,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-17T13:23:34.652Z,0
CVE-2023-6393,https://securityvulnerability.io/vulnerability/CVE-2023-6393,Quarkus: potential invalid reuse of context when @cacheresult on a uni is used,"A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial ""completion"" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contains sensitive information, and could allow a malicious user to benefit from a POST request returning the response that is meant for another user, gaining access to sensitive data.",Red Hat,"upstream,Red Hat build of Quarkus",5.3,MEDIUM,0.0015999999595806003,false,,false,false,false,,,false,false,,2023-12-06T17:15:00.000Z,0