3761 matches found
EUVD-2026-34027
authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed...
EUVD-2026-33987
authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor ResponseProcessor.parse does not validate the Conditions element on assertions. NotBefore, NotOnOrAfter, and AudienceRestriction are all ignored. This allows replay of expir...
authentik 输入验证错误漏洞
Authentik is an open-source identity provisioning application developed by Authentik. Versions prior to 2025.12.5, 2026.2.3, and 2026.5.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from an XML signature packaging flaw in the SAML Source ACS endpoint’s...
CVE-2026-9330
IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain...
CVE-2026-9330 IBM WebSphere Application Server is affected by remote code execution
IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain...
GHSA-XG76-5QJ2-2HHV Admidio: CSRF in SSO client `enable` action toggles SAML/OIDC clients without token validation
Summary modules/sso/clients.php validates an admcsrftoken on every state-changing branch except enable. The enable case loads the SAML or OIDC client by UUID, calls $client-enable$enabled, and persists the new state with no token check. Because the action is reachable via plain GET parameters, a...
authentik's XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user
Summary authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed assertion to authenticate as another federated user. Patches authentik 2026.5.1, 2026.2.4 and...
CVE-2026-9090
Casdoor versions 2.362.0 and earlier contain a vulnerability that allows an attacker to bypass authentication by supplying an arbitrary signing certificate. The buildSpCertificateStore function extracts the X.509 certificate directly from the incoming SAMLResponse instead of using the trusted...
CVE-2026-49376
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin...
CVE-2026-49381
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible...
CVE-2026-49380
In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible...
CVE-2026-49380
CVE-2026-49380 : In JetBrains TeamCity (before 2026.1), the SAML plugin allows an open redirect. Affected product: JetBrains TeamCity with the SAML plugin; root cause: improper redirection handling in the SAML plugin leading to open redirect. Impact: potential user redirection to arbitrary URL. R...
CVE-2026-49381
JetBrains TeamCity prior to version 2026.1 is affected by a stored cross-site scripting (XSS) vulnerability on the SAML login page. The issue allows an attacker to inject content that could be rendered in the victim’s browser, with the CVSS basis indicating UI interaction is required and privileg...
CVE-2026-49381
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible...
CVE-2026-49376
CVE-2026-49376 affects JetBrains TeamCity prior to 2026.1 via the SAML plugin , where the root cause is insufficient username validation . The vulnerability is exploitable remotely over the network with low complexity and no privileges or user interaction required, and it has a confidentiality/ i...
CVE-2026-49376
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin...
CVE-2026-49376
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin...
CVE-2026-49376
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin...
JetBrains TeamCity 输入验证错误漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Prior to JetBrains TeamCity 2026.1, there was a...
PT-2026-44960
Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1 Description An open redirect exists within the SAML plugin. An open redirect occurs when an application takes a user-supplied URL and redirects the user to it without sufficient validation, potential...