30 matches found
CVE-2019-25291
| creationtimestamp | type | source |
|---|---|---|
| 2026-01-08 01:50:37+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mbuuldjhbn2c |
| 2026-01-08 08:21:22+00:00 | seen | https://gist.github.com/Darkcrai86/3ef6259ad8c3948c3631b793f40a68f1 |
| 2026-01-08 21:03:09+00:00 | seen | ... |
Debian: Security Advisory (DLA-4115-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks
Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication protections. SAML is an XML-based markup language and open standard used for exchanging authentication and...
CVE-2025-25291
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely...
CVE-2025-25291 ruby-saml vulnerable to SAML authentication bypass due to DOCTYPE handling (parser differential)
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely...
CVE-2025-25291
ruby-saml vulnerabilities CVE-2025-25291/25292/25293 relate to a parser differential between ReXML and Nokogiri that enables a Signature Wrapping authentication bypass and related DoS when handling SAML inputs. Affected versions prior to 1.12.4 and 1.18.0 are vulnerable; fixes are shipped in 1.12...
CVE-2025-25291
| creationtimestamp | type | source |
|---|---|---|
| 2025-03-12 20:07:18+00:00 | seen | https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/ |
| 2025-03-12 20:42:37+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/7376 |
| 2025-03-13... | | |
Linux Distros Unpatched Vulnerability : CVE-2021-25291
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. CVE-2021-25291...
CVE-2020-25291
| creationtimestamp | type | source |
|---|---|---|
| 2024-11-13 08:04:21+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/1860... |
CVE-2024-25291
| creationtimestamp | type | source |
|---|---|---|
| 2024-02-29 08:31:35+00:00 | seen | https://t.me/ctinow/196332 |
| 2024-02-29 08:31:40+00:00 | seen | https://t.me/ctinow/196338... |
CVE-2024-25291
Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin...
CVE-2024-25291
CVE-2024-25291 affects Deskfiler v1.2.3. Multiple sources confirm that a crafted plugin upload can lead to arbitrary code execution, leveraging an Electron WebView to trigger RCE. The Red Hat and NVD entries repeat the same payload: uploading a specially crafted plugin enables code execution. The...
Amazon Linux 2023 : python3-pillow, python3-pillow-devel, python3-pillow-tk (ALAS2023-2023-146)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-146 advisory. An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. CVE-2021-25290 An issue was discovered in Pillow before 8.1.1. In...
Important: python-pillow
Issue Overview: An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. CVE-2021-25290 An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries...
SUSE CVE-2021-25291
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries...
Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2021-2564)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...