38 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-28081

Malware in sbrugna...

CVSS 10 | AI score 9.2 | EPSS 0.01355
Exploits 0 | References 2

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2023-49995

Malicious code in bioql PyPI...

CVSS 2 | AI score 6.6 | EPSS 0.00479
Exploits 0 | References 1

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2025-15135

Malicious code in bioql PyPI...

CVSS 8.3 | AI score 6.4 | EPSS 0.00245
Exploits 0 | References 1

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2023-27986

Malicious code in bioql PyPI...

CVSS 6.9 | AI score 5.4 | EPSS 0.00157
Exploits 0 | References 1

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2024-48395

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 9.4 | EPSS 0.0024
Exploits 1 | References 2

RedhatCVE
added 2025/05/22 5:30 p.m. | 2 views

CVE-2020-6939

Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions...

CVSS 10 | AI score 6.8 | EPSS 0.01355
Exploits 0 | References 1

RedhatCVE
added 2025/04/13 2:27 a.m. | 9 views

CVE-2025-0126

When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. T...

CVSS 8.3 | AI score 6.8 | EPSS 0.00245
Exploits 0 | References 3

NVD
added 2025/04/11 2:15 a.m. | 10 views

CVE-2025-0126

When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. T...

CVSS 8.3 | EPSS 0.00245
Exploits 0 | References 1

Tenable Nessus
added 2025/04/09 12:00 a.m. | 29 views

Palo Alto Networks PAN-OS 10.1.x < 10.1.14-h11 / 10.2.x < 10.2.10-h6 / 11.0.x < 11.0.6 / 11.1.x < 11.1.5 / 11.2.x < 11.2.3 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 10.1.x prior to 10.1.14-h11 or 10.2.x prior to 10.2.10-h6 or 11.0.x prior to 11.0.6 or 11.1.x prior to 11.1.5 or 11.2.x prior to 11.2.3. It is, therefore, affected by a vulnerability. When configured using SAML, a session...

CVSS 8.3 | AI score 5.6 | EPSS 0.00245
Exploits 0 | References 2

RedhatCVE
added 2025/02/05 8:35 p.m. | 5 views

CVE-2022-31122

Wire is an encrypted communication and collaboration platform. Versions prior to 2022-07-12/Chart 4.19.0 are subject to Token Recipient Confusion. If an attacker has certain details of SAML IdP metadata, and configures their own SAML on the same backend, the attacker can delete all SAML...

CVSS 9.8 | AI score 6.5 | EPSS 0.00356
Exploits 0 | References 1

RedhatCVE
added 2025/02/05 12:03 p.m. | 10 views

CVE-2024-7475

An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate acce...

CVSS 9.1 | AI score 7.1 | EPSS 0.0024
Exploits 1 | References 1

FreeBSD
added 2025/01/08 12:00 a.m. | 17 views

Gitlab -- Vulnerabilities

Gitlab reports: Possible access token exposure in GitLab logs; Cyclic reference of epics leads resource exhaustion; Unauthorized user can manipulate status of issues in public projects; Instance SAML does not respect externalprovider configuration...

CVSS 6.5 | AI score 7.1 | EPSS 0.00166
Exploits 4 | References 1

Tenable Nessus
added 2025/01/08 12:00 a.m. | 10 views

FreeBSD : Gitlab -- Vulnerabilities (2bfde261-cdf2-11ef-b6b2-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 2bfde261-cdf2-11ef-b6b2-2cf05da270f3 advisory. Gitlab reports: Possible access token exposure in GitLab logs; Cyclic reference of epics leads...

CVSS 6.5 | AI score 5.5 | EPSS 0.00166
Exploits 4 | References 6

CNVD
added 2024/11/01 12:00 a.m. | 2 views

lunary access control error vulnerability (CNVD-2025-09695)

lunary is an open source production toolkit for LLM. An access control error vulnerability exists in lunary that stems from not properly restricting permissions to update the SAML configuration. An attacker could use this vulnerability to modify the authentication process and steal user...

CVSS 9.1 | AI score 7.1 | EPSS 0.0024
Exploits 1 | References 1

OSV
added 2024/10/29 1:15 p.m. | 12 views

CVE-2024-7475

An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate acce...

CVSS 9.1 | AI score 7.1 | EPSS 0.0024
Exploits 1 | References 2

NVD
added 2024/10/29 1:15 p.m. | 18 views

CVE-2024-7475

An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate acce...

CVSS 9.1 | EPSS 0.0024
Exploits 1 | References 2

Cvelist
added 2024/10/29 12:45 p.m. | 18 views

CVE-2024-7475 Improper Access Control in lunary-ai/lunary

An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate acce...

CVSS 9.1 | EPSS 0.0024
Exploits 1 | References 2

CVE
added 2024/10/29 12:45 p.m. | 54 views

CVE-2024-7475

CVE-2024-7475 describes an improper access control in lunary-ai/lunary 1.3.2 that lets an attacker update the SAML configuration without authorization. This could enable manipulation of authentication processes, fraudulent login requests, and theft of user information. Multiple connected sources ...

CVSS 9.1 | AI score 9.5 | EPSS 0.0024
Exploits 1 | References 2 | Affected Software 1

Vulnrichment
added 2024/10/29 12:45 p.m. | 15 views

CVE-2024-7475 Improper Access Control in lunary-ai/lunary

An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate acce...

CVSS 9.1 | AI score 7.3 | EPSS 0.0024
Exploits 1 | References 2

OSV
added 2024/03/28 3:15 p.m. | 0 views

CVE-2023-45706

An administrative user of WebReports may perform a Cross Site Scripting (XSS) and/or Man in the Middle (MITM) exploit through SAML configuration...

CVSS 4 | AI score 5.8 | EPSS 0.00479
Exploits 0 | References 1