Lucene search
+L

379 matches found

EUVD
EUVD
added 2026/01/08 3:41 a.m.5 views

EUVD-2026-1461

A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters such as tabs as separators and tolerates case variations that deviate from RFC 6750 specifications...

5.3CVSS6.3AI score0.00361EPSS
Exploits0References4
Veracode
Veracode
added 2025/12/13 8:4 a.m.7 views

Authentication Bypass

ruby-saml is vulnerable to authentication bypass. The vulnerability is due to improper handling of libxml2 canonicalization in Nokogiri when processing invalid XML, which returns an empty string used for DigestValue calculation, allowing an attacker to perform a Signature Wrapping attack and bypa...

9.3CVSS5.8AI score0.00211EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2025/12/13 6:19 a.m.6 views

Authentication Bypass

robrichards/xmlseclibs is vulnerable to authentication bypass. The vulnerability is due to improper handling in the libxml2 canonicalization process where invalid XML inputs may return an empty string, which allows an attacker to bypass authentication by manipulating the DigestValue computation...

7.5CVSS5.9AI score0.00226EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-66568

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through...

9.3CVSS5.7AI score0.00211EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/10 3:26 a.m.18 views

CVE-2025-66578

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Versions 3.1.3 contain an authentication bypass vulnerability due to a flaw in the libxml2 canonicalization process during document transformation. When libxml2’s canonicalization is invoked on an invalid XML...

7.5CVSS6.8AI score0.00226EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/10 2:32 a.m.8 views

CVE-2025-66568

The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrappi...

9.3CVSS7AI score0.00211EPSS
Exploits0References1
NVD
NVD
added 2025/12/09 4:18 p.m.11 views

CVE-2025-66578

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Versions 3.1.3 contain an authentication bypass vulnerability due to a flaw in the libxml2 canonicalization process during document transformation. When libxml2’s canonicalization is invoked on an invalid XML...

7.5CVSS0.00226EPSS
Exploits1References3
NVD
NVD
added 2025/12/09 4:18 p.m.11 views

CVE-2025-66568

The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrappi...

9.3CVSS0.00211EPSS
Exploits0References2
OSV
OSV
added 2025/12/09 4:18 p.m.5 views

UBUNTU-CVE-2025-66568

The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrappi...

9.3CVSS5.9AI score0.00211EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/09 2:41 a.m.34 views

CVE-2025-66578 robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Versions 3.1.3 contain an authentication bypass vulnerability due to a flaw in the libxml2 canonicalization process during document transformation. When libxml2’s canonicalization is invoked on an invalid XML...

6CVSS0.00226EPSS
Exploits1References3
EUVD
EUVD
added 2025/12/09 2:41 a.m.6 views

EUVD-2025-201790

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Versions 3.1.3 contain an authentication bypass vulnerability due to a flaw in the libxml2 canonicalization process during document transformation. When libxml2’s canonicalization is invoked on an invalid XML...

6CVSS6.5AI score0.00226EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/09 2:41 a.m.5 views

CVE-2025-66578 robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Versions 3.1.3 contain an authentication bypass vulnerability due to a flaw in the libxml2 canonicalization process during document transformation. When libxml2’s canonicalization is invoked on an invalid XML...

6CVSS6.7AI score0.00226EPSS
Exploits1References3
CVE
CVE
added 2025/12/09 2:41 a.m.28 views

CVE-2025-66578

CVE-2025-66578 affects robrichards/xmlseclibs (PHP) up to version 3.1.3. The root cause is a flaw in libxml2 canonicalization during document transformation: when canonicalizing invalid XML input, libxml2 may return an empty string instead of a canonicalized node. xmlseclibs then computes the Dig...

7.5CVSS6.6AI score0.00226EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/12/09 2:41 a.m.8 views

CVE-2025-66578 robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Versions 3.1.3 contain an authentication bypass vulnerability due to a flaw in the libxml2 canonicalization process during document transformation. When libxml2’s canonicalization is invoked on an invalid XML...

6CVSS6.9AI score0.00226EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/12/09 2:3 a.m.34 views

CVE-2025-66568 ruby-saml Libxml2 Canonicalization errors can bypass Digest/Signature validation

The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrappi...

9.3CVSS0.00211EPSS
Exploits0References2
CVE
CVE
added 2025/12/09 2:3 a.m.25 views

CVE-2025-66568

CVE-2025-66568 affects the ruby-saml library (client-side SAML) with versions up to 1.12.4 vulnerable to authentication bypass via libxml2 canonicalization used by Nokogiri. On invalid XML input, canonicalization can return an empty string, causing DigestValue to be computed over that empty strin...

9.3CVSS6.8AI score0.00211EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/09 2:3 a.m.4 views

CVE-2025-66568 ruby-saml Libxml2 Canonicalization errors can bypass Digest/Signature validation

The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrappi...

9.3CVSS6.8AI score0.00211EPSS
Exploits0References2
OSV
OSV
added 2025/12/09 2:3 a.m.6 views

CVE-2025-66568 ruby-saml Libxml2 Canonicalization errors can bypass Digest/Signature validation

The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrappi...

9.3CVSS7.1AI score0.00211EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.12 views

PT-2025-49776

Name of the Vulnerable Software and Affected Versions xmlseclibs versions prior to 3.1.4 Description xmlseclibs is a PHP library used for XML Encryption and Signatures. Versions of the library before 3.1.4 contain a flaw in the libxml2 canonicalization process during document transformation that...

7.5CVSS6.8AI score0.00226EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.10 views

PT-2025-49775

Name of the Vulnerable Software and Affected Versions ruby-saml versions through 1.12.4 Description The ruby-saml library, which handles SAML authorization on the client side, has a flaw that could allow an attacker to bypass authentication. This is due to how the library processes XML data using...

9.3CVSS6.6AI score0.00211EPSS
Exploits0References11
Rows per page
Query Builder