15 matches found

NVD · added 2026/05/19 12:16 p.m. · 6 views

CVE-2026-7307

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language SAML endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service DoS where the server becomes...

CVSS 7.5 · EPSS 0.00059
Exploits 0 · References 6
Cvelist · added 2026/05/19 10:52 a.m. · 32 views

CVE-2026-7307 Keycloak: keycloak: denial of service via specially crafted saml input

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language SAML endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service DoS where the server becomes...

CVSS 7.5 · EPSS 0.00059
Exploits 0 · References 6
ATTACKERKB · added 2026/05/19 10:52 a.m. · 4 views

CVE-2026-7307

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language SAML endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service DoS where the server becomes...

CVSS 7.5 · AI score 5.8 · EPSS 0.00059
Exploits 0 · References 7
RedhatCVE · added 2026/05/19 10:47 a.m. · 4 views

CVE-2026-7307

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language SAML endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service DoS where the server becomes...

CVSS 7.5 · AI score 5.8 · EPSS 0.00059
Exploits 0 · References 3
NVD · added 2026/04/10 5:17 p.m. · 0 views

CVE-2026-22560

An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint...

CVSS 5.3 · EPSS 0.00052
Exploits 0 · References 2
Cvelist · added 2026/04/10 5:00 p.m. · 20 views

CVE-2026-22560

An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint...

EPSS 0.00052
Exploits 0 · References 2
ATTACKERKB · added 2026/04/10 5:00 p.m. · 1 view

CVE-2026-22560

An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint...

AI score 5.9 · EPSS 0.00052
Exploits 0 · References 3 · Affected Software 1
Vulnrichment · added 2026/04/10 5:00 p.m. · 2 views

CVE-2026-22560

An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint...

AI score 5.9 · EPSS 0.00052
Exploits 0 · References 2
CVE · added 2026/04/10 5:00 p.m. · 5 views

CVE-2026-22560

CVE-2026-22560 is an open redirect vulnerability affecting Rocket.Chat prior to 8.4.0. The issue arises from manipulating parameters in the SAML endpoint to redirect users to arbitrary URLs, notably via the /_saml/sloRedirect/:provider flow where the redirect URL is placed directly in a Location ...

CVSS 5.3 · AI score 5.9 · EPSS 0.00052
Exploits 0 · References 2 · Affected Software 1
EUVD · added 2026/01/07 5:28 p.m. · 1 view

EUVD-2025-206265

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.3, an open redirect vulnerability exists in the OpenCTI platform's SAML authentication endpoint /auth/saml/callback. By manipulating the RelayState parameter, an attacker can...

CVSS 5.4 · AI score 6.5 · EPSS 0.00097
Exploits 0 · References 3
Positive Technologies · added 2025/04/01 12:00 a.m. · 3 views

PT-2025-14388 · Bamboohr · Bamboohr

Name of the Vulnerable Software and Affected Versions: BambooHR Build version 25.0210.170831-83b08dd. Description: The issue allows a remote attacker to escalate privileges via the /saml/index.php?r= HTTP GET parameter. This parameter is vulnerable to exploitation, enabling an attacker to gain...

CVSS 7.3 · AI score 7.5 · EPSS 0.01408
Exploits 0 · References 3
Positive Technologies · added 2025/03/12 12:00 a.m. · 2 views

PT-2025-11129

Name of the Vulnerable Software and Affected Versions: ruby-saml versions prior to 1.12.4 and 1.18.0. Description: An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently, generating entirely different document structures...

CVSS 9.8 · AI score 10 · EPSS 0.20843
Exploits 3 · References 96
Packet Storm · added 2023/02/07 12:00 a.m. · 417 views

Zoho ManageEngine ServiceDesk Plus 14003 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ServiceDesk Plus Unauthenticated SAML RCE', 'Description' = %q This exploits an unauthenticated remote code execution vulnerability...

CVSS 9.8 · AI score 0.5 · EPSS 0.94378
Exploits 15
OSV · added 2020/03/11 2:15 p.m. · 1 view

CVE-2019-19381

oauth/oauth2/v1/saml/ in Abacus OAuth Login 201901r4201910210000 before prior to R4 20.11.2019 Hotfix allows Reflected Cross Site Scripting XSS via an error message...

CVSS 6.1 · AI score 6.4 · EPSS 0.00328
Exploits 1 · References 2
Veracode · added 2017/04/03 12:11 p.m. · 7 views

Denial Of Service (DoS)

ruby-saml is vulnerable to denial of service DoS attacks. These attacks are possible because attackers can compress huge XML and pass it to the SAML endpoint. The deflate function allows the attacker to achieve a 1000:1 compression ratio, which can be used to cause denial of service attacks...

AI score 6.4
Exploits 0