
59 matches found

FreeBSD
added 2026/06/11 12:0 a.m. | 5 views

Gitlab -- vulnerabilities

Gitlab reports: Improper Access Control issue in Group SAML Identity API impacts GitLab EE; Cross-site Scripting issue in Analytics Dashboard impacts GitLab EE; Denial of Service issue in Grape API JSON parsing middleware impacts GitLab CE/EE; HTML injection issue in certain group setting fields...

CVSS 8.7 | AI score 5.4 | EPSS 0.00635
Exploits: 0 | References: 1
OSV
added 2026/05/28 7:16 p.m. | 7 views

UBUNTU-CVE-2026-44394

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

CVSS 8.1 | AI score 5.8 | EPSS 0.00245
Exploits: 1 | References: 5
NVD
added 2026/05/07 4:16 a.m. | 13 views

CVE-2026-41669

Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites (handleSSORequest line 418 and handleSLORequest line 613). The method returns error strings on...

CVSS 8.2 | EPSS 0.00191
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/29 12:0 a.m. | 8 views

PT-2026-36106

Name of the Vulnerable Software and Affected Versions: Admidio versions prior to 5.0.9. Description: The SAML Identity Provider implementation fails to properly handle the return value of the validateSignature function. This function returns error strings upon failure instead of throwing exceptions,...

CVSS 8.2 | AI score 5.8 | EPSS 0.00191
Exploits: 0 | References: 6
GithubExploit
added 2026/04/19 6:22 a.m. | 96 views

Exploit for Out-of-bounds Read in Citrix Netscaler_Application_Delivery_Controller

CVE-2026-3055 - Security Vulnerability Severity: N/A CV...

CVSS 9.8 | AI score 5.8 | EPSS 0.83996
Exploits: 7
GithubExploit
added 2026/04/01 7:53 p.m. | 121 views

Exploit for Out-of-bounds Read in Citrix Netscaler_Application_Delivery_Controller

CVE-2026-3055 NetScaler SAML IdP check Python helper to probe...

CVSS 9.8 | AI score 7.2 | EPSS 0.83996
Exploits: 7
GithubExploit
added 2026/03/31 4:7 p.m. | 124 views

Exploit for Out-of-bounds Read in Citrix Netscaler_Application_Delivery_Controller

🔓 CVE-2026-3055 - Citrix NetScaler Memory Overread Exploit !...

CVSS 9.8 | AI score 7.3 | EPSS 0.83996
Exploits: 7
The Hacker News
added 2026/03/30 1:56 p.m. | 16 views

⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More

Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped being theoretical right around the time defenders stopped paying attention. There's a bit of everythi...

CVSS 10 | AI score 7.4 | EPSS 0.99997
Exploits: 124
CISA KEV Catalog
added 2026/03/30 12:0 a.m. | 12 views

Citrix NetScaler Out-of-Bounds Read Vulnerability

Citrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS and NDcPP contain an out-of-bounds read vulnerability when configured as a SAML IDP leading to memory overread...

CVSS 9.8 | AI score 7.4 | EPSS 0.83996
In wild | Exploits: 7
VulnCheck KEV
added 2026/03/29 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2026-3055

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread...

CVSS 9.8 | AI score 7.3 | EPSS 0.83996
In wild | Exploits: 7 | References: 33
Tenable Nessus
added 2026/03/26 12:0 a.m. | 4 views

NetScaler ADC and NetScaler Gateway Memory Overread (CTX696300 / CVE-2026-3055)

The remote NetScaler ADC (formerly Citrix ADC) or NetScaler Gateway (formerly Citrix Gateway) device is version 14.1 prior to 14.1-60.58, 13.1 prior to 13.1-62.23, or 13.1-FIPS/NDcPP prior to 13.1-37.262. It is, therefore, affected by a vulnerability: - Insufficient input validation in NetScaler ADC...

CVSS 9.8 | AI score 7.5 | EPSS 0.83996
Exploits: 7 | References: 2
Cvelist
added 2026/03/23 8:21 p.m. | 27 views

CVE-2026-3055 Insufficient input validation leading to memory overread

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread...

CVSS 9.3 | EPSS 0.83996
Exploits: 7 | References: 1
ATTACKERKB
added 2026/03/23 8:21 p.m. | 18 views

CVE-2026-3055

Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread...

CVSS 9.8 | AI score 5.8 | EPSS 0.83996
In wild | Exploits: 7 | References: 4 | Affected Software: 2
CVE
added 2026/03/23 8:21 p.m. | 66 views

CVE-2026-3055

CVE-2026-3055 affects Citrix NetScaler ADC/NetScaler Gateway when configured as a SAML IDP, causing a memory overread due to insufficient input validation. Affected versions per Nessus plugin: NetScaler ADC/Gateway 14.1 prior to 14.1-66.59; 13.1 prior to 13.1-62.23; and 13.1-FIPS/NDcPP prior to 1...

CVSS 9.8 | AI score 5.8 | EPSS 0.83996
In wild | Exploits: 7 | References: 3 | Affected Software: 1
Rapid7 Blog
added 2026/03/23 7:30 p.m. | 11 views

CVE-2026-3055: Citrix NetScaler ADC and NetScaler Gateway Out-of-Bounds Read

Overview: On March 23, 2026, Citrix published a security advisory for a critical vulnerability affecting their NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) products. This vulnerability, CVE-2026-3055, which is classified as an out-of-bounds read and holds a CVSS...

CVSS 9.8 | AI score 7.2 | EPSS 0.83996
Exploits: 7
Tenable Nessus
added 2026/03/06 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-27982

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may...

CVSS 6.1 | AI score 5.8 | EPSS 0.00159
Exploits: 0 | References: 3
Snyk
added 2026/03/05 11:23 a.m. | 2 views

Authentication Bypass by Primary Weakness

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness via the SAML Identity Provider authentication process when it is...

CVSS 8.6 | AI score 5.8 | EPSS 0.00404
Exploits: 0 | References: 2
EUVD
added 2026/03/05 6:30 a.m. | 8 views

EUVD-2026-9652

An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to an arbitrary external website via a crafted URL...

CVSS 5.1 | AI score 6 | EPSS 0.00159
Exploits: 0 | References: 3
OSV
added 2026/03/05 6:30 a.m. | 2 views

GHSA-2JPR-83RG-V67J django-allauth has an open redirect vulnerability

An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to an arbitrary external website via a crafted URL...

CVSS 5.1 | AI score 6 | EPSS 0.00159
Exploits: 0 | References: 5
RedhatCVE
added 2026/03/05 6:18 a.m. | 5 views

CVE-2026-27982

A flaw was found in django-allauth. This open redirect vulnerability exists when Security Assertion Markup Language (SAML) Identity Provider (IdP) initiated Single Sign-On (SSO) is enabled, which is disabled by default. A remote attacker could exploit this by crafting a malicious URL, potentially...

CVSS 6.1 | AI score 5.9 | EPSS 0.00159
Exploits: 0 | References: 5