CVE-2025-50055
Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter...
CVE-2025-58075
Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token, which allows any attacker to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the RelayState parameter. An attacker can gain unauthorized access to any team by manipulating the RelayState parameter during the team join process. Remediation Upgrade github.com/mattermost/mattermost/server t...
EUVD-2025-34729
Mattermost has a Missing Authorization vulnerability...
CVE-2025-58075 Arbitrary Mattermost Team can be joined by manipulating the SAML RelayState
Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token, which allows any attacker to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState...
CVE-2025-58075
Mattermost CVE-2025-58075 affects versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x
EUVD-2022-30722
Malicious code in bioql PyPI...
EUVD-2023-24151
Malicious code in bioql PyPI...
CVE-2025-9072 One-Click Mattermost Account Takeover via Poisoned RelayState SAML Parameter
Mattermost versions 10.10.x <= 10.10.1, 10.5.x <= 10.5.9, 10.9.x <= 10.9.4 fail to validate the redirectto parameter, allowing an attacker to craft a malicious link that, once a user authenticates with their SAML provider, could post the user's cookies to an attacker-controlled URL...
CVE-2023-1965
An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access toke...
Open redirect in user_saml via RelayState parameter
None...
Nextcloud Input Validation Error Vulnerability
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An input validation error vulnerability exists in Nextcloud User Saml that originates from allowing an attacker to turn on redirection in usersaml via the...
Nextcloud: Open redirect in user_saml via RelayState parameter
An open redirect vulnerability was reported in the usersaml authentication module of Nextcloud. The vulnerability allowed redirecting users to arbitrary URLs via the RelayState parameter...
Default credentials
An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access toke...
PT-2023-17378 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 14.2 through 15.9.5 GitLab EE versions 15.10 through 15.10.4 GitLab EE versions 15.11 through 15.11.0 Description: An issue has been discovered in GitLab EE, where a lack of verification on the RelayState parameter allowed ...
CVE-2023-1965
GitLab EE is affected: versions 14.2–15.9.5, 15.10–15.10.4, and 15.11–15.11.0 have a lack of verification on the RelayState parameter, allowing a maliciously crafted URL to obtain access tokens for 3rd party Group SAML SSO logins. This feature is not enabled by default. Impact described across mu...
GitLab Cross-Site Request Forgery Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab that stems from a lack of validation...