Lucene search
K

3766 matches found

Vulnrichment
Vulnrichment
added 2026/05/29 6:15 p.m.11 views

CVE-2026-49376

In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin...

6.5CVSS5.8AI score0.00208EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.19 views

PT-2026-45039

Summary modules/sso/clients.php validates an adm csrf token on every state-changing branch except enable. The enable case loads the SAML or OIDC client by UUID, calls $client-enable$enabled, and persists the new state with no token check. Because the action is reachable via plain GET parameters, ...

5.4CVSS5.8AI score0.00016EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

JetBrains TeamCity 输入验证错误漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Prior to JetBrains TeamCity 2026.1, there was a...

6.1CVSS5.9AI score0.00164EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.13 views

PT-2026-45029

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.12.5 authentik versions prior to 2026.2.3 authentik versions prior to 2026.5.1 Description The SAML Source ACS endpoint is susceptible to XML Signature Wrapping, a technique where a valid signature is used to...

8.5CVSS5.8AI score0.00162EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.16 views

PT-2026-44960

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1 Description An open redirect exists within the SAML plugin. An open redirect occurs when an application takes a user-supplied URL and redirects the user to it without sufficient validation, potential...

6.1CVSS5.8AI score0.00164EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1...

6.5CVSS5.9AI score0.00208EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 10:48 p.m.8 views

CVE-2026-5343 SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...

5.8AI score0.00257EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 7:16 p.m.11 views

UBUNTU-CVE-2026-44394

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

8.1CVSS5.8AI score0.00249EPSS
Exploits1References5
NVD
NVD
added 2026/05/28 5:16 p.m.18 views

CVE-2026-9093

In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/samlsp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects...

9.8CVSS0.00365EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 5:16 p.m.18 views

CVE-2026-9090

Casdoor versions 2.362.0 and earlier contain a vulnerability that allows an attacker to bypass authentication by supplying an arbitrary signing certificate. The buildSpCertificateStore function extracts the X.509 certificate directly from the incoming SAMLResponse instead of using the trusted...

9.1CVSS0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:31 p.m.11 views

CVE-2026-9098

In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnRequest previously issued by Casdoor. Additionally, if an administrator disables or deletes an IdP...

5.8AI score0.0023EPSS
Exploits0References2
CVE
CVE
added 2026/05/28 4:31 p.m.53 views

CVE-2026-9098

Casdoor versions up to 2.362.0 expose a SAML flaw: the /api/acs callback accepts any well-formed SAMLResponse without tying it to a prior AuthnRequest. If an administrator disables or deletes an IdP during a flow, the handler still uses the initial provider snapshot, enabling unsolicited SAML res...

9.1CVSS5.8AI score0.0023EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:27 p.m.10 views

CVE-2026-9096

Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.WarningInfo field. However, ParseSamlResponse never reads this field, meaning that time bounds are...

5.8AI score0.0033EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/28 4:27 p.m.33 views

CVE-2026-9096 CVE-2026-9096

Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.WarningInfo field. However, ParseSamlResponse never reads this field, meaning that time bounds are...

0.0033EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 4:25 p.m.24 views

CVE-2026-9095

Casdoor CVE-2026-9095 affects versions 2.362.0 and earlier. The ParseSamlResponse() in object/saml_sp.go maps retrieved SAML assertions directly to user sessions without replay protection, lacking an assertion ID cache, OneTimeUse enforcement, or replay detection in the SAML SP code path. This en...

8.1CVSS5.9AI score0.00298EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 4:21 p.m.13 views

EUVD-2026-32945

In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/samlsp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects...

5.8AI score0.00365EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 4:21 p.m.7 views

CVE-2026-9093 CVE-2026-9093

In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/samlsp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects...

5.8AI score0.00365EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 4:21 p.m.22 views

CVE-2026-9093

Casdoor versions 2.362.0 and earlier have a SAML vulnerability where the SAML service provider does not validate AudienceRestriction. The buildSp function does not set AudienceURI on the gosaml2 SAMLServiceProvider and does not inspect WarningInfo.NotInAudience, allowing assertions issued for oth...

9.8CVSS5.8AI score0.00365EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 4:21 p.m.39 views

CVE-2026-9093 CVE-2026-9093

In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/samlsp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects...

0.00365EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:17 p.m.8 views

CVE-2026-9090

Casdoor versions 2.362.0 and earlier contain a vulnerability that allows an attacker to bypass authentication by supplying an arbitrary signing certificate. The buildSpCertificateStore function extracts the X.509 certificate directly from the incoming SAMLResponse instead of using the trusted...

5.9AI score0.00201EPSS
Exploits0References2
Rows per page
Query Builder