CVE-2026-9093

In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/samlsp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects...

CVE-2026-3217

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal SAML SSO - Service Provider allows Cross-Site Scripting XSS.This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.3...

CVE-2025-47148

When the BIG-IP system is configured as both a Security Assertion Markup Language SAML service provider SP and Identity Provider IdP, with single logout SLO enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...

CVE-2025-47148

When the BIG-IP system is configured as both a Security Assertion Markup Language SAML service provider SP and Identity Provider IdP, with single logout SLO enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...

CVE-2025-47148

When the BIG-IP system is configured as both a Security Assertion Markup Language SAML service provider SP and Identity Provider IdP, with single logout SLO enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...

CVE-2025-47148 BIG-IP APM and SSL Orchestrator vulnerability

When the BIG-IP system is configured as both a Security Assertion Markup Language SAML service provider SP and Identity Provider IdP, with single logout SLO enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...

EUVD-2021-10056

Malware in sbrugna...

CVE-2021-22927

A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session...

CVE-2023-26267

php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXMLDTDLOAD | \LIBXMLDTDATTR...

Vulnerability fixed in Citrix Gateway and ADC

Citrix has fixed a vulnerability in Citrix Gateway and Citrix ADC. An unauthenticated remote malicious person could exploit the exploit the vulnerability to execute arbitrary code. To do so, rogue network traffic must be sent to the vulnerable system be sent. Gateway and ADC systems are only...

Micro Focus Access Manager Information Leakage Vulnerability

Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used...

Session fixation

A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session...

SAML Service Provider - Critical - Access bypass - SA-CONTRIB-2020-006

This module enables you to authenticate Drupal users using an external SAML Identity Provider. If the site is configured to allow visitors to register for user accounts but administrator approval is required, the module doesn't sufficiently enforce the administrative approval requirement, in the...

GHSA-5P5W-J3G7-W4WV Authentication bypass via incorrect XML canonicalization and DOM traversal in saml2-js

Versions of saml2-js prior to 1.12.4 or 2.0.2 are vulnerable to authentication bypass. The saml2-js library may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the...

Authentication Bypass

Overview Versions of samlify prior to 2.4.0 are vulnerable to Authentication Bypass. The package fails to prevent XML Signature Wrapping, allowing tokens to be reused with different usernames. A remote attacker can modify SAML content for a SAML service provider without invalidating the...

Authentication bypass via incorrect XML canonicalization and DOM traversal

ruby-saml prior to version 1.7.0 is vulnerable to an authentication bypass via incorrect XML canonicalization and DOM traversal. Specifically, there are inconsistencies in handling of comments within XML nodes, resulting in incorrect parsing of the inner text of XML nodes such that any inner text...

CVE-2018-2371

The SAML 2.0 service provider of SAP Netweaver AS Java Web Application, 7.50, does not sufficiently encode user controlled inputs, which results in Cross-Site Scripting XSS vulnerability...

Samlify vulnerable to Authentication Bypass by allowing tokens to be reused with different usernames

Versions of samlify prior to 2.4.0-rc5 are vulnerable to Authentication Bypass. The package fails to prevent XML Signature Wrapping, allowing tokens to be reused with different usernames. A remote attacker can modify SAML content for a SAML service provider without invalidating the cryptographic...

GHSA-8JJF-W7J6-323C Samlify vulnerable to Authentication Bypass by allowing tokens to be reused with different usernames

Versions of samlify prior to 2.4.0-rc5 are vulnerable to Authentication Bypass. The package fails to prevent XML Signature Wrapping, allowing tokens to be reused with different usernames. A remote attacker can modify SAML content for a SAML service provider without invalidating the cryptographic...