CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14168 matches found

RedHat Linux•added 2025/12/10 5:51 p.m.•2 views

rexml: REXML denial of service

A denial of service flaw has been discovered in the rubygem REXML. Certain input can cause excess cpu usage and given sufficiently large input this can affect program performance...

5.3CVSS5.7AI score0.00094EPSS

Exploits0References6

RedhatCVE•added 2025/12/10 2:32 a.m.•7 views

CVE-2025-66567

The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different...

9.8CVSS9.4AI score0.03321EPSS

Exploits1References1

RedhatCVE•added 2025/12/10 2:32 a.m.•4 views

CVE-2025-66568

The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrappi...

9.3CVSS7AI score0.00048EPSS

Exploits0References1

AlmaLinux•added 2025/12/10 12:0 a.m.•3 views

Moderate: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: resolv: Denial of Service in resolv gem CVE-2025-24294 rexml: REXML denial of service CVE-2025-58767 For more details about the...

7.5CVSS6.5AI score0.00268EPSS

Exploits0References7

AlmaLinux•added 2025/12/10 12:0 a.m.•3 views

Moderate: ruby:3.3 security update

7.5CVSS6.5AI score0.00268EPSS

Exploits0References7

OSV•added 2025/12/10 12:0 a.m.•4 views

ALSA-2025:23062 Moderate: ruby:3.3 security update

7.5CVSS6.4AI score0.00268EPSS

Exploits0References7

NVD•added 2025/12/09 4:18 p.m.•3 views

CVE-2025-66568

9.3CVSS0.00048EPSS

Exploits0References2

NVD•added 2025/12/09 4:18 p.m.•2 views

CVE-2025-66567

9.3CVSS0.0005EPSS

Exploits0References3

UbuntuCve•added 2025/12/09 4:18 p.m.•2 views

CVE-2025-66567

9.3CVSS7.3AI score0.0005EPSS

Exploits0References4

OSV•added 2025/12/09 4:18 p.m.•3 views

UBUNTU-CVE-2025-66568

9.3CVSS5.9AI score0.00048EPSS

Exploits0References4

OSV•added 2025/12/09 4:18 p.m.•0 views

UBUNTU-CVE-2025-66567

9.3CVSS5.9AI score0.0005EPSS

Exploits0References5

Vulnrichment•added 2025/12/09 2:3 a.m.•1 views

CVE-2025-66568 ruby-saml Libxml2 Canonicalization errors can bypass Digest/Signature validation

9.3CVSS6.8AI score0.00048EPSS

Exploits0References2

Cvelist•added 2025/12/09 2:3 a.m.•25 views

CVE-2025-66568 ruby-saml Libxml2 Canonicalization errors can bypass Digest/Signature validation

9.3CVSS0.00048EPSS

Exploits0References2

Debian CVE•added 2025/12/09 2:3 a.m.•5 views

CVE-2025-66568

9.3CVSS5.5AI score0.00048EPSS

Exploits0

OSV•added 2025/12/09 2:3 a.m.•2 views

CVE-2025-66568 ruby-saml Libxml2 Canonicalization errors can bypass Digest/Signature validation

9.3CVSS7.1AI score0.00048EPSS

Exploits0References4

CVE•added 2025/12/09 2:3 a.m.•16 views

CVE-2025-66568

CVE-2025-66568 affects the ruby-saml library (client-side SAML) with versions up to 1.12.4 vulnerable to authentication bypass via libxml2 canonicalization used by Nokogiri. On invalid XML input, canonicalization can return an empty string, causing DigestValue to be computed over that empty strin...

9.3CVSS6.8AI score0.00048EPSS

Exploits0References2Affected Software1