[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-14837":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":176,"aliases":186,"duplicate_of":9,"upstream":188,"downstream":189,"duplicates":196,"related":197,"reserved_at":9,"published_at":198,"modified_at":199,"state":200,"summary":201,"references_raw":209,"kevs":241,"epss":242,"epss_history":245,"metrics":499,"affected":515},"CVE-2019-14837","A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name 'test' the email address will be 'service-account-test@placeholder.org'.",null,[11,171],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-798","Use of Hard-coded Credentials","The product contains hard-coded credentials, such as a password or cryptographic key.","weakness","Draft","Base","High",[20,118],{"id":21,"name":22,"techniques":23},"CAPEC-191","Read Sensitive Constants Within an Executable",[24],{"id":25,"name":26,"tactics":27,"countermeasures":31},"T1552.001","Credentials In Files",[28],{"id":29,"name":30},"TA0031","Credential Access",[32,37,41,45,50,54,58,63,67,72,76,80,84,89,93,98,102,106,110,114],{"id":33,"name":34,"tactic":35},"D3-CCSA","Credential Compromise Scope Analysis",{"name":36},"Detect",{"id":38,"name":39,"tactic":40},"D3-FA","File Analysis",{"name":36},{"id":42,"name":43,"tactic":44},"D3-FIM","File Integrity Monitoring",{"name":36},{"id":46,"name":47,"tactic":48},"D3-CR","Credential Revocation",{"name":49},"Evict",{"id":51,"name":52,"tactic":53},"D3-ANCI","Authentication Cache Invalidation",{"name":49},{"id":55,"name":56,"tactic":57},"D3-FEV","File Eviction",{"name":49},{"id":59,"name":60,"tactic":61},"D3-DUC","Decoy User Credential",{"name":62},"Deceive",{"id":64,"name":65,"tactic":66},"D3-DF","Decoy File",{"name":62},{"id":68,"name":69,"tactic":70},"D3-CH","Credential Hardening",{"name":71},"Harden",{"id":73,"name":74,"tactic":75},"D3-MFA","Multi-factor Authentication",{"name":71},{"id":77,"name":78,"tactic":79},"D3-CRO","Credential Rotation",{"name":71},{"id":81,"name":82,"tactic":83},"D3-FE","File Encryption",{"name":71},{"id":85,"name":86,"tactic":87},"D3-RIC","Reissue Credential",{"name":88},"Restore",{"id":90,"name":91,"tactic":92},"D3-RF","Restore File",{"name":88},{"id":94,"name":95,"tactic":96},"D3-CTS","Credential Transmission Scoping",{"name":97},"Isolate",{"id":99,"name":100,"tactic":101},"D3-CF","Content Filtering",{"name":97},{"id":103,"name":104,"tactic":105},"D3-LFP","Local File Permissions",{"name":97},{"id":107,"name":108,"tactic":109},"D3-RFAM","Remote File Access Mediation",{"name":97},{"id":111,"name":112,"tactic":113},"D3-CQ","Content Quarantine",{"name":97},{"id":115,"name":116,"tactic":117},"D3-CM","Content Modification",{"name":97},{"id":119,"name":120,"techniques":121},"CAPEC-70","Try Common or Default Usernames and Passwords",[122],{"id":123,"name":124,"tactics":125,"countermeasures":141},"T1078.001","Default Accounts",[126,129,132,135,138],{"id":127,"name":128},"TA0030","Defense Evasion",{"id":130,"name":131},"TA0005","Stealth",{"id":133,"name":134},"TA0110","Persistence",{"id":136,"name":137},"TA0111","Privilege Escalation",{"id":139,"name":140},"TA0108","Initial Access",[142,147,151,155,159,163,167],{"id":143,"name":144,"tactic":145},"D3-AM","Access Modeling",{"name":146},"Model",{"id":148,"name":149,"tactic":150},"D3-AL","Account Locking",{"name":49},{"id":152,"name":153,"tactic":154},"D3-AA","Agent Authentication",{"name":71},{"id":156,"name":157,"tactic":158},"D3-CDP","Change Default Password",{"name":71},{"id":160,"name":161,"tactic":162},"D3-ULA","Unlock Account",{"name":88},{"id":164,"name":165,"tactic":166},"D3-RUAA","Restore User Account Access",{"name":88},{"id":168,"name":169,"tactic":170},"D3-UAP","User Account Permissions",{"name":97},{"_key":172,"id":172,"name":173,"description":174,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":175},"CWE-547","Use of Hard-coded, Security-relevant Constants","The product uses hard-coded constants instead of symbolic names for security-critical values, which increases the likelihood of mistakes during code maintenance or security policy change.",[],[177],{"_key":178,"name":179,"source":180,"url":181,"maturity":182,"reliability_score":183,"verified":184,"type":9,"platforms":185,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_B7C528E537E75554","Exploit Reference (bugzilla.redhat.com)","reference","https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14837","unknown",0.2,false,[],[187],"GHSA-cf8f-w2c5-p5jr",[],[190,192,194],{"_key":191},"RHSA-2019:4040",{"_key":193},"RHSA-2019:4041",{"_key":195},"RHSA-2019:4042",[],[],"2020-01-07T16:33:21.000Z","2024-08-05T00:26:39.127Z","Modified",{"cisa_kev":184,"cisa_ransomware":184,"cisa_vendor":9,"epss_severity":202,"epss_score":203,"severity":204,"severity_score":205,"severity_version":206,"severity_source":207,"severity_vector":208,"severity_status":200},"low",0.01008,"critical",9.1,"v3.0","cve.org","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",[210,220,225,231,236],{"url":181,"sources":211,"tags":214},[207,212,213],"nvd","osv_maven",[215,216,217,218,219],"X Refsource CONFIRM","Exploit","Issue Tracking","Vendor Advisory","WEB",{"url":221,"sources":222,"tags":223},"https://issues.jboss.org/browse/KEYCLOAK-10780",[207,212,213],[215,217,224,218,219],"Permissions Required",{"url":226,"sources":227,"tags":228},"https://github.com/keycloak/keycloak/commit/9a7c1a91a59ab85e7f8889a505be04a71580777f",[207,212,213],[215,229,230,219],"Patch","Third Party Advisory",{"url":232,"sources":233,"tags":234},"https://nvd.nist.gov/vuln/detail/CVE-2019-14837",[213],[235],"Advisory",{"url":237,"sources":238,"tags":239},"https://github.com/keycloak/keycloak",[213],[240],"PACKAGE",[],{"date":243,"score":203,"percentile":244},"2026-06-04",0.77409,[246,249,251,254,257,260,262,265,267,269,272,275,278,280,283,287,290,293,296,298,301,304,307,309,312,315,318,321,324,327,330,333,336,339,341,344,347,350,353,356,358,361,364,367,370,373,376,379,381,384,386,389,392,395,398,401,403,406,409,412,415,418,421,424,426,429,432,435,437,440,443,446,449,452,455,457,460,463,466,469,471,474,477,480,482,484,487,490,493,496],{"date":247,"score":203,"percentile":248},"2025-11-04",0.76347,{"date":250,"score":203,"percentile":248},"2025-11-05",{"date":252,"score":203,"percentile":253},"2025-11-06",0.76342,{"date":255,"score":203,"percentile":256},"2025-11-07",0.76357,{"date":258,"score":203,"percentile":259},"2025-11-08",0.76361,{"date":261,"score":203,"percentile":256},"2025-11-09",{"date":263,"score":203,"percentile":264},"2025-11-10",0.7634,{"date":266,"score":203,"percentile":253},"2025-11-11",{"date":268,"score":203,"percentile":259},"2025-11-12",{"date":270,"score":203,"percentile":271},"2025-11-13",0.76367,{"date":273,"score":203,"percentile":274},"2025-11-14",0.76373,{"date":276,"score":203,"percentile":277},"2025-11-15",0.76368,{"date":279,"score":203,"percentile":271},"2025-11-16",{"date":281,"score":203,"percentile":282},"2025-11-17",0.76356,{"date":284,"score":285,"percentile":286},"2025-11-18",0.00719,0.70233,{"date":288,"score":285,"percentile":289},"2025-11-19",0.7024,{"date":291,"score":285,"percentile":292},"2025-11-20",0.7025,{"date":294,"score":203,"percentile":295},"2025-11-21",0.76382,{"date":297,"score":203,"percentile":295},"2025-11-22",{"date":299,"score":203,"percentile":300},"2025-11-23",0.76369,{"date":302,"score":203,"percentile":303},"2025-11-24",0.7637,{"date":305,"score":203,"percentile":306},"2025-11-25",0.76377,{"date":308,"score":203,"percentile":295},"2025-11-26",{"date":310,"score":203,"percentile":311},"2025-11-27",0.76385,{"date":313,"score":203,"percentile":314},"2025-11-28",0.76372,{"date":316,"score":203,"percentile":317},"2025-11-29",0.76381,{"date":319,"score":203,"percentile":320},"2025-11-30",0.7638,{"date":322,"score":203,"percentile":323},"2025-12-01",0.76503,{"date":325,"score":203,"percentile":326},"2025-12-02",0.76507,{"date":328,"score":203,"percentile":329},"2025-12-03",0.76499,{"date":331,"score":203,"percentile":332},"2025-12-04",0.76374,{"date":334,"score":203,"percentile":335},"2025-12-05",0.76383,{"date":337,"score":203,"percentile":338},"2025-12-06",0.76387,{"date":340,"score":203,"percentile":295},"2025-12-07",{"date":342,"score":203,"percentile":343},"2025-12-08",0.76386,{"date":345,"score":203,"percentile":346},"2025-12-09",0.76411,{"date":348,"score":203,"percentile":349},"2025-12-10",0.76439,{"date":351,"score":203,"percentile":352},"2025-12-11",0.76456,{"date":354,"score":203,"percentile":355},"2025-12-12",0.76477,{"date":357,"score":203,"percentile":355},"2025-12-13",{"date":359,"score":203,"percentile":360},"2025-12-14",0.76472,{"date":362,"score":203,"percentile":363},"2025-12-15",0.76468,{"date":365,"score":203,"percentile":366},"2025-12-16",0.76482,{"date":368,"score":203,"percentile":369},"2025-12-17",0.76494,{"date":371,"score":203,"percentile":372},"2025-12-18",0.76509,{"date":374,"score":203,"percentile":375},"2025-12-19",0.76523,{"date":377,"score":203,"percentile":378},"2025-12-20",0.76516,{"date":380,"score":203,"percentile":372},"2025-12-21",{"date":382,"score":203,"percentile":383},"2025-12-22",0.76504,{"date":385,"score":203,"percentile":323},"2025-12-23",{"date":387,"score":203,"percentile":388},"2025-12-24",0.76515,{"date":390,"score":203,"percentile":391},"2025-12-25",0.76534,{"date":393,"score":203,"percentile":394},"2025-12-26",0.76532,{"date":396,"score":203,"percentile":397},"2025-12-27",0.76591,{"date":399,"score":203,"percentile":400},"2025-12-28",0.76514,{"date":402,"score":203,"percentile":372},"2025-12-29",{"date":404,"score":203,"percentile":405},"2025-12-30",0.76518,{"date":407,"score":203,"percentile":408},"2025-12-31",0.76538,{"date":410,"score":203,"percentile":411},"2026-01-01",0.76669,{"date":413,"score":203,"percentile":414},"2026-01-02",0.76672,{"date":416,"score":203,"percentile":417},"2026-01-03",0.76671,{"date":419,"score":203,"percentile":420},"2026-01-04",0.76546,{"date":422,"score":203,"percentile":423},"2026-01-05",0.76537,{"date":425,"score":203,"percentile":420},"2026-01-06",{"date":427,"score":203,"percentile":428},"2026-01-07",0.76556,{"date":430,"score":203,"percentile":431},"2026-01-08",0.76565,{"date":433,"score":203,"percentile":434},"2026-01-09",0.76574,{"date":436,"score":203,"percentile":434},"2026-01-10",{"date":438,"score":203,"percentile":439},"2026-01-11",0.76567,{"date":441,"score":203,"percentile":442},"2026-01-12",0.76553,{"date":444,"score":203,"percentile":445},"2026-01-13",0.76552,{"date":447,"score":203,"percentile":448},"2026-01-14",0.76575,{"date":450,"score":203,"percentile":451},"2026-01-15",0.76581,{"date":453,"score":203,"percentile":454},"2026-01-16",0.7659,{"date":456,"score":203,"percentile":454},"2026-01-17",{"date":458,"score":203,"percentile":459},"2026-01-18",0.76583,{"date":461,"score":203,"percentile":462},"2026-01-19",0.76578,{"date":464,"score":203,"percentile":465},"2026-01-20",0.76579,{"date":467,"score":203,"percentile":468},"2026-01-21",0.76585,{"date":470,"score":203,"percentile":454},"2026-01-22",{"date":472,"score":203,"percentile":473},"2026-01-23",0.7662,{"date":475,"score":203,"percentile":476},"2026-01-24",0.76631,{"date":478,"score":203,"percentile":479},"2026-01-25",0.76619,{"date":481,"score":203,"percentile":479},"2026-01-26",{"date":483,"score":203,"percentile":473},"2026-01-27",{"date":485,"score":203,"percentile":486},"2026-01-28",0.76629,{"date":488,"score":203,"percentile":489},"2026-01-29",0.76623,{"date":491,"score":203,"percentile":492},"2026-01-30",0.76628,{"date":494,"score":203,"percentile":495},"2026-01-31",0.76625,{"date":497,"score":203,"percentile":498},"2026-02-01",0.76743,[500,505,513],{"source":207,"cvss_v2_0":9,"cvss_v3_0":501,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":205,"baseSeverity":502,"vectorString":208,"impactScore":503,"exploitabilityScore":504},"CRITICAL",8.7,10,{"source":212,"cvss_v2_0":506,"cvss_v3_0":510,"cvss_v3_1":511,"cvss_v4_0":9},{"baseScore":507,"baseSeverity":9,"vectorString":508,"impactScore":509,"exploitabilityScore":504},6.4,"AV:N/AC:L/Au:N/C:P/I:P/A:N",4.9,{"baseScore":205,"baseSeverity":502,"vectorString":208,"impactScore":503,"exploitabilityScore":504},{"baseScore":205,"baseSeverity":502,"vectorString":512,"impactScore":503,"exploitabilityScore":504},"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",{"source":213,"cvss_v2_0":9,"cvss_v3_0":514,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":205,"baseSeverity":9,"vectorString":208,"impactScore":503,"exploitabilityScore":504},[516,529,536,542],{"ecosystem":517,"name":518,"vendor":519,"product":520,"cpe_part":9,"purl_type":521,"purl_namespace":519,"purl_name":520,"source":9,"versions":522},"Maven","org.keycloak:keycloak-core","org.keycloak","keycloak-core","maven",[523],{"version":524,"is_range":525,"range_type":526,"version_start":9,"version_start_type":9,"version_end":527,"version_end_type":528,"fixed_in":9},"lt8_0_0",true,"ecosystem","8.0.0","excluding",{"ecosystem":9,"name":530,"vendor":531,"product":530,"cpe_part":532,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":533},"keycloak","red hat","a",[534],{"version":535,"is_range":525,"range_type":207,"version_start":9,"version_start_type":9,"version_end":527,"version_end_type":528,"fixed_in":9},"before 8.0.0",{"ecosystem":9,"name":530,"vendor":537,"product":530,"cpe_part":532,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":538},"redhat",[539],{"version":540,"is_range":525,"range_type":541,"version_start":9,"version_start_type":9,"version_end":527,"version_end_type":528,"fixed_in":9},"lt8.0.0","cpe",{"ecosystem":9,"name":543,"vendor":537,"product":544,"cpe_part":532,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":545},"single sign-on","single_sign-on",[546],{"version":547,"is_range":184,"range_type":541,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.3"]