57 matches found

RedhatCVE
added 2026/06/05 7:50 p.m., 8 views

CVE-2026-34454

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2 Proxy from clearing the session cookie when rendering the sign-in page. In deployments that rely on the sign-in page as part of their logout flow, a user may be...

CVSS 3.5, AI score 5.4, EPSS 0.00183
Exploits 0, References 1

Cvelist
added 2026/05/18 7:57 p.m., 30 views

CVE-2025-65954 SimpleSAMLphp-casserver has an Open Redirect vulnerability via logout

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the...

CVSS 4.7, EPSS 0.00269
Exploits 1, References 3

ATTACKERKB
added 2026/05/18 7:57 p.m., 5 views

CVE-2025-65954

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the...

CVSS 4.7, AI score 5.8, EPSS 0.00269
Exploits 1, References 4, Affected Software 1

Vulnrichment
added 2026/05/18 7:57 p.m., 11 views

CVE-2025-65954 SimpleSAMLphp-casserver has an Open Redirect vulnerability via logout

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the...

CVSS 4.7, AI score 5.8, EPSS 0.00269
Exploits 1, References 3

CNNVD
added 2026/05/18 12:0 a.m., 7 views

SimpleSAMLphp-casserver input validation error vulnerability

SimpleSAMLphp-casserver is an open-source CAS protocol-compatible single sign-on login server module developed by SimpleSAMLphp. Versions prior to 6.3.1 and 7.0.0 of SimpleSAMLphp-casserver contained a vulnerability related to input validation errors. This vulnerability occurred because the...

CVSS 6.1, AI score 5.8, EPSS 0.00269
Exploits 1, References 1

OSV
added 2026/05/15 4:21 p.m., 4 views

GHSA-CVRM-5HP6-H523 SimpleSAMLphp casserver: Open Redirect in logout

Summary: The logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the browser there, or shows a "you've been logged out" page with a link to continue to that url. There are a number of other things broke...

CVSS 4.7, AI score 5.8, EPSS 0.00269
Exploits 1, References 6

Positive Technologies
added 2026/05/15 12:0 a.m., 7 views

PT-2026-41385

Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp-casserver versions prior to 6.3.1; SimpleSAMLphp-casserver versions prior to 7.0.0. Description: The logout endpoint accepts a url query parameter for redirection. The server treats this URL as trusted and, depending on the...

CVSS 6.1, AI score 5.8, EPSS 0.00269
Exploits 1, References 13

Snyk
added 2026/04/14 11:11 p.m., 3 views

Insufficient Session Expiration

Overview: github.com/oauth2-proxy/oauth2-proxy/v7 is a reverse proxy that provides authentication with Google, Github or other providers. Affected versions of this package are vulnerable to Insufficient Session Expiration through the SignInPage handler in oauthproxy.go. An attacker can keep a...

CVSS 6.9, AI score 5.8, EPSS 0.00183
Exploits 0, References 2

OSV
added 2026/04/14 10:31 p.m., 4 views

GHSA-F24X-5G9Q-753F OAuth2 Proxy's session cookies are not cleared when rendering sign-in page

Impact: A regression introduced in v7.11.0 is preventing OAuth2 Proxy from clearing the session cookie when rendering the sign-in page. This only impacts deployments that rely on the sign-in page as part of their logout flow. In those setups, a user may be shown the sign-in page while the existing...

CVSS 3.5, AI score 5.8, EPSS 0.00183
Exploits 0, References 5

ATTACKERKB
added 2026/04/14 10:10 p.m., 1 views

CVE-2026-34454

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2 Proxy from clearing the session cookie when rendering the sign-in page. In deployments that rely on the sign-in page as part of their logout flow, a user may be...

CVSS 3.5, AI score 5.8, EPSS 0.00183
Exploits 0, References 3, Affected Software 1

Veracode
added 2026/03/30 8:39 a.m., 3 views

DOM-Based Cross-Site Scripting (XSS)

github.com/zitadel/zitadel is vulnerable to DOM-Based Cross-Site Scripting (XSS). The vulnerability is due to improper validation of the postlogoutredirect parameter in the /logout endpoint, which allows an unauthenticated remote attacker to execute malicious JavaScript in users’ browsers...

CVSS 8, AI score 6, EPSS 0.00261
Exploits 0, References 3, Affected Software 1

Github Security Blog
added 2026/03/18 8:19 p.m., 14 views

Unsigned SAML LogoutRequest Acceptance in gosaml2

Summary: The ValidateEncodedLogoutRequestPOST function in gosaml2 accepts completely unsigned SAML LogoutRequest messages even when SkipSignatureValidation is set to false. When validateElementSignature returns dsig.ErrMissingSignature, the code in decodelogoutrequest.go:60-62 silently falls throu...

AI score 5.9
Exploits 0, References 2, Affected Software 1

RedhatCVE
added 2026/03/02 4:18 a.m., 12 views

CVE-2026-28415

A flaw was found in Gradio, an open-source Python package. The redirecttotarget function in Gradio's OAuth flow accepts an unvalidated targeturl query parameter. A remote attacker can exploit this vulnerability by crafting a malicious URL, leading to an open redirect. This allows the attacker to...

CVSS 4.7, AI score 5.9, EPSS 0.00232
Exploits 0, References 4

Vulnrichment
added 2026/02/27 9:44 p.m., 3 views

CVE-2026-28415 Gradio has Open Redirect in OAuth Flow

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the redirecttotarget function in Gradio's OAuth flow accepts an unvalidated targeturl query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback...

CVSS 4.3, AI score 6, EPSS 0.00232
Exploits 0, References 1

Cvelist
added 2026/02/27 9:44 p.m., 20 views

CVE-2026-28415 Gradio has Open Redirect in OAuth Flow

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the redirecttotarget function in Gradio's OAuth flow accepts an unvalidated targeturl query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback...

CVSS 4.3, EPSS 0.00232
Exploits 0, References 1

EUVD
added 2026/02/27 9:44 p.m., 3 views

EUVD-2026-9083

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the redirecttotarget function in Gradio's OAuth flow accepts an unvalidated targeturl query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback...

CVSS 4.3, AI score 6, EPSS 0.00232
Exploits 0, References 1

ATTACKERKB
added 2026/02/27 9:44 p.m., 7 views

CVE-2026-28415

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the redirecttotarget function in Gradio's OAuth flow accepts an unvalidated targeturl query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback...

CVSS 4.7, AI score 6, EPSS 0.00232
Exploits 0, References 2, Affected Software 1

Positive Technologies
added 2026/02/27 12:0 a.m., 6 views

PT-2026-22414

Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 6.6.0. Description: Gradio is a Python package for rapid prototyping. A flaw exists in the OAuth flow where the redirect to target function does not properly validate the target url query parameter. This allows redirecti...

CVSS 4.3, AI score 6, EPSS 0.00232
Exploits 0, References 5

NVD
added 2026/02/26 8:16 a.m., 12 views

CVE-2026-1698

An HTTP Host header attack vulnerability affects the WebClient and WebScheduler web apps of PcVue in versions 15.0.0 through 16.3.3 inclusive, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

CVSS 6.1, EPSS 0.00207
Exploits 0, References 1

CVE
added 2026/02/26 7:58 a.m., 14 views

CVE-2026-1698

CVE-2026-1698 affects PcVue WebClient and WebScheduler web apps (versions 15.0.0–16.3.3). An HTTP Host header vulnerability could let an attacker craft requests that influence server-side behavior, specifically targeting endpoints /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCal...

CVSS 6.1, AI score 5.6, EPSS 0.00207
Exploits 0, References 1, Affected Software 1