CVE-2026-41694

Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle. Affected versions: Spring Security 5.7.0...

CVE-2026-41694

Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle. Affected versions: Spring Security 5.7.0...

Information Exposure

Overview org.springframework.security:spring-security-saml2-service-provider is a security component for the Spring Framework. Affected versions of this package are vulnerable to Information Exposure via SAML message decryption prior to signature validation. An attacker can use the Service Provid...

CVE-2026-41669 Admidio: SAML Signature Validation Result Ignored — Forged AuthnRequests and LogoutRequests Processed

Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites handleSSORequest line 418 and handleSLORequest line 613. The method returns error strings on...

CVE-2026-41669 Admidio: SAML Signature Validation Result Ignored — Forged AuthnRequests and LogoutRequests Processed

Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites handleSSORequest line 418 and handleSLORequest line 613. The method returns error strings on...

CVE-2026-41669

Admidio prior to version 5.0.9 suffers a SAML signature validation bypass: validateSignature() can return an error message or false, but its return value is discarded by both handleSSORequest() and handleSLORequest(), so unsigned or invalidly signed AuthnRequests/LogoutRequests are processed like...

Admidio Ignores SAML Signature Validation Result, Processes Forged AuthnRequests and LogoutRequests

Summary The Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites handleSSORequest line 418 and handleSLORequest line 613. The method returns error strings on failure rather than throwing exceptions, but the developer believed i...

GHSA-25CW-98HG-G3CG Admidio Ignores SAML Signature Validation Result, Processes Forged AuthnRequests and LogoutRequests

Summary The Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites handleSSORequest line 418 and handleSLORequest line 613. The method returns error strings on failure rather than throwing exceptions, but the developer believed i...

EUVD-2019-4958

Malware in sbrugna...

SUSE CVE-2015-5963

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service session store consumption or session record removal via a large number of requests to...

GHSA-PGXH-WFW4-JX2V Django denial of service via empty session record creation

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service session store consumption or session record removal via a large number of requests to...

CVE-2019-13497

One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests...

CVE-2019-13497

One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests...

The vulnerability of the Django web application framework, which allows a hacker to trigger a denial-of-service attack

The vulnerability of the contrib.sessions.middleware.SessionMiddleware component in the Django web framework is related to a resource management error. Exploiting this vulnerability allows an attacker to cause service failures by sending a large number of requests to contrib.auth.views.logout,...

PYSEC-2015-22

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service session store consumption or session record removal via a large number of requests to...