A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
Keycloak
NVD
CVSS 3.1
3.8
EPSS
0.5%
Flarum is a discussion platform for websites. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
Authentication Bypass
Flarum
NVD
GitHub
CVSS 3.1
3.5
EPSS
0.6%