esaml 安全漏洞

esaml is a library developed by Australian developer Lexi Wilson for handling SAML authentication. It provides functions for SAML service providers and identity providers. esaml has a security vulnerability, which stems from the undisabled XML entity extensions. This vulnerability may lead to XML...

Linux Distros Unpatched Vulnerability : CVE-2025-66568

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through...

CVE-2025-66567

The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different...

PT-2025-50299

SAML hmmmm. SimpleSAML LightSAML OneLogin Libxml2 Canonicalization error can bypass Digest/Signature validation https://t.co/qAsVqMjoVJ SAML PHP Toolkit Vulnerability on xmlseclibs CVE-2025-66475 https://t.co/MTWxV2o0u7 https://t.co/6KxF25cZFr...

Entr'ouvert Lasso lasso_node_impl_init_from_xml type confusion vulnerability

Talos Vulnerability Report TALOS-2025-2193 Entr'ouvert Lasso lassonodeimplinitfromxml type confusion vulnerability November 5, 2025 CVE Number CVE-2025-47151 SUMMARY A type confusion vulnerability exists in the lassonodeimplinitfromxml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A special...

Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex

Summary Multiple vulnerabilities were addressed in IBM Aspera Faspex version 5.0.14. Vulnerability Details CVEID:CVE-2025-55193 DESCRIPTION: Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may ...

EUVD-2025-22950

Malicious code in bioql PyPI...

EUVD-2023-2615

Malicious code in bioql PyPI...

EUVD-2022-7029

Malicious code in bioql PyPI...

EUVD-2023-2365

Malicious code in bioql PyPI...

EUVD-2025-23157

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-45683

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - github.com/crewjam/saml is a saml library for the go language. In affected versions the package does not validate the ACS Location URI according to the SAML...

Linux Distros Unpatched Vulnerability : CVE-2022-41912

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion...

Linux Distros Unpatched Vulnerability : CVE-2025-27773

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion...

CVE-2025-54572

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...

CVE-2025-54572

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...

DEBIAN-CVE-2025-54572

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...

UBUNTU-CVE-2025-54572

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...

CVE-2025-54572 Ruby SAML DOS vulnerability with large SAML response

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...

CVE-2025-54572

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...