CVE-2026-46423

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML service provider implementation silently skips both SAML Response and Assertion signature validation when the configured Id...

CVE-2026-41005 UAA accepts SAML Encrypted Assertions authentication bypass

Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider confidentiality as a substitute for XML signatures from the Identity Provider authenticity in two SAML flows: the OAuth 2.0 SAML2 bearer grant token endpoint and browser SSO ACS when wantAssertionSigned is set to false...

GHSA-RV5F-CCPM-XJJ4 Apache Airflow AWS Auth Manager has Host Header Injection Leading to SAML Authentication Bypass

In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed to gain access to different instances with potentially different access controls by reusing SAML response from other instances. You...

PT-2025-48992

Name of the Vulnerable Software and Affected Versions Synology DiskStation DS925+ affected versions not specified Description An authentication bypass issue exists in the samlAuth component of Synology DiskStation DS925+. This allows an attacker to bypass authentication. The issue was discovered...

EUVD-2018-18723

Malware in sbrugna...

EUVD-2017-8234

Malware in sbrugna...

EUVD-2019-0609

Malware in sbrugna...

EUVD-2018-17023

Malware in sbrugna...

CVE-2025-46573 passport-wsfed-saml2 Has SAML Authentication Bypass via Attribute Smuggling

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done b...

CVE-2025-25292

Ruby-saml contains an authentication bypass vulnerability caused by a parser differential between ReXML and Nokogiri. The issue affects versions older than 1.12.4 and 1.18.0, enabling a Signature Wrapping attack that can lead to bypassing SAML authentication. A patch exists in versions 1.12.4 and...

Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)

Summary An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping...

CVE-2025-25291 ruby-saml vulnerable to SAML authentication bypass due to DOCTYPE handling (parser differential)

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely...

CVE-2025-25291

ruby-saml vulnerabilities CVE-2025-25291/25292/25293 relate to a parser differential between ReXML and Nokogiri that enables a Signature Wrapping authentication bypass and related DoS when handling SAML inputs. Affected versions prior to 1.12.4 and 1.18.0 are vulnerable; fixes are shipped in 1.12...

FreeBSD : Gitlab -- vulnerabilities (3e738678-7582-11ef-bece-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3e738678-7582-11ef-bece-2cf05da270f3 advisory. Gitlab reports: SAML authentication bypass Tenable has extracted the preceding description block direct...

SAML authentication bypass via Incorrect XPath selector

Ruby-SAML in = 12.2 and 1.13.0 = 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrar...

CVE-2024-45409 The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in = 12.2 and 1.13.0 = 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML...

CVE-2023-48703 SAML authentication bypass vulnerability in RobotsAndPencils/go-saml

RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...

Advisory ROSA-SA-2023-2299

Software: grafana 7.3.6 OS: ROSA Virtualization 2.1 packageevrstring: grafana-7.3.6-2.el8.src.rpm CVE-ID: CVE-2020-27846 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: A signature verification vulnerability exists in cookiejam/saml. This flaw allows an attacker to bypass SAML authentication. The...

CVE-2022-39300

CVE-2022-39300 affects node-saml (SAML 2.0 library used with passport-saml). Reports consistently describe a signature-bypass vulnerability where a remote attacker can bypass SAML authentication by manipulating an arbitrary IDP signed XML element, potentially enabling unauthenticated access depen...

Signature bypass via multiple root elements

Impact A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks e.g without access to a valid user...