182 matches found

NVD
added 4 days ago | 9 views

CVE-2026-9330

IBM WebSphere Application Server 9.0, and 8.5 is affected by an improper validation of user-supplied data during deserialization using the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain...

CVSS 8.5 | EPSS 0.00355
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/28 10:48 p.m. | 4 views

CVE-2026-5343 SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...

AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 1

Github Security Blog
added 2026/04/17 9:25 p.m. | 3 views

Sentry: Improper authentication on SAML SSO process allows user identity linking

Impact A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same...

CVSS 9.1 | AI score 5.8 | EPSS 0.00058
Exploits: 0 | References: 4 | Affected Software: 1

ATTACKERKB
added 2026/04/02 6:52 p.m. | 1 views

CVE-2026-34840

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation (App/FeatureSet/Identity/Utils/SSO.ts) has decoupled signature verification and identity extraction. isSignatureValid verifies the first element in the XML DOM using...

CVSS 8.1 | AI score 5.9 | EPSS 0.00039
Exploits: 1 | References: 4 | Affected Software: 1

RedhatCVE
added 2026/03/26 5:3 p.m. | 1 views

CVE-2026-3217

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal SAML SSO - Service Provider allows Cross-Site Scripting (XSS). This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.3...

CVSS 6.1 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/25 3:24 p.m. | 1 views

CVE-2026-3217 SAML SSO - Service Provider - Critical - Cross-site scripting - SA-CONTRIB-2026-018

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal SAML SSO - Service Provider allows Cross-Site Scripting (XSS). This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.3...

AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/05 7:31 p.m. | 2 views

CVE-2026-20102

A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the SAML feature and access sensitive,...

CVSS 6.1 | AI score 5.8 | EPSS 0.0001
Exploits: 0 | References: 1

CVE
added 2026/03/05 5:31 a.m. | 11 views

CVE-2026-27982

CVE-2026-27982 is an open redirect vulnerability in django-allauth prior to 65.14.1 when SAML IdP initiated SSO is enabled (disabled by default). An attacker could abuse a crafted URL to redirect users to an arbitrary external site. Affected product: django-allauth; affected component: SAML IdP i...

CVSS 6.1 | AI score 6 | EPSS 0.00036
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/03/05 5:31 a.m. | 2 views

CVE-2026-27982

An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to an arbitrary external website via a crafted URL...

CVSS 5.1 | AI score 5.9 | EPSS 0.00036
Exploits: 0 | References: 2

OSV
added 2026/02/25 6:51 p.m. | 2 views

DRUPAL-CONTRIB-2026-018

This module enables you to perform SAML protocol-based single sign-on (SSO) on a Drupal site. The module doesn't sufficiently sanitize user input, leading to a reflected Cross-site scripting (XSS) vulnerability...

CVSS 6.1 | AI score 5.4 | EPSS 0.00041
Exploits: 0 | References: 1

NVD
added 2026/02/21 5:17 a.m. | 4 views

CVE-2026-27197

Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on t...

CVSS 9.1 | EPSS 0.00058
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/21 4:35 a.m. | 8 views

CVE-2026-27197

Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on t...

CVSS 9.1 | AI score 5.7 | EPSS 0.00058
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/02/21 4:35 a.m. | 5 views

CVE-2026-27197 Sentry: Improper Authentication on SAML SSO process allows user identity linking

Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on t...

CVSS 9.1 | AI score 5.7 | EPSS 0.00058
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/09 8:44 a.m. | 7 views

CVE-2022-23610

wire-server provides back end services for Wire, an open source messenger. In versions of wire-server prior to the 2022-01-27 release, it was possible to craft DSA Signatures to bypass SAML SSO and impersonate any Wire user with SAML credentials. In teams with SAML, but without SCIM, it was...

CVSS 9.1 | AI score 6.7 | EPSS 0.00134
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2015-6609

Malware in sbrugna...

CVSS 5.9 | AI score 6 | EPSS 0.00256
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2016-1922

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00682
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-27331

Malware in sbrugna...

CVSS 5.8 | AI score 5.9 | EPSS 0.00305
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-24322

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.00908
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-19235

Malicious code in bioql PyPI...

CVSS 6.4 | AI score 6.4 | EPSS 0.00289
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-0092

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 6.3 | EPSS 0.00398
Exploits: 0 | References: 5