369 matches found
EUVD-2023-0904
Malicious code in bioql PyPI...
EUVD-2022-7124
Malicious code in bioql PyPI...
EUVD-2025-13639
Malicious code in bioql PyPI...
EUVD-2024-0511
Malicious code in bioql PyPI...
EUVD-2024-27399
Malicious code in bioql PyPI...
EUVD-2024-46507
Malicious code in bioql PyPI...
EUVD-2024-36047
Malicious code in bioql PyPI...
EUVD-2022-41728
Malicious code in bioql PyPI...
CVE-2024-58267 Rancher CLI SAML authentication is vulnerable to phishing attacks
A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentication tokens...
CVE-2024-58267
CVE-2024-58267 concerns Rancher CLI SAML authentication, where the custom SAML protocol used by Rancher’s CLI can be abused to phish and steal tokens. Connected advisories identify affected code paths in github.com/rancher/rancher and specify vulnerable ranges: v2.9.0–before v2.9.12, v2.10.0–befo...
CVE-2024-58267 Rancher CLI SAML authentication is vulnerable to phishing attacks
A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentication tokens...
PT-2025-39664
Name of the Vulnerable Software and Affected Versions Rancher Manager versions prior to 2.9.12 Rancher Manager versions prior to 2.10.10 Rancher Manager versions prior to 2.11.6 Rancher Manager versions prior to 2.12.2 Description Rancher Manager is susceptible to phishing attacks targeting SAML...
SUSE CVE-2024-58267
A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher's authentication tokens...
SUSE CVE-2025-9072
Mattermost versions 10.10.x = 10.10.1, 10.5.x = 10.5.9, 10.9.x = 10.9.4 fail to validate the redirectto parameter, allowing an attacker to craft a malicious link that, once a user authenticates with their SAML provider, could post the user's cookies to an attacker-controlled URL...
CVE-2025-59270
The CVE-2025-59270 entry concerns the psPAS PowerShell module (Get-PASSAMLResponse) not explicitly enforcing TLS 1.2 during SAML authentication. The root cause is insufficient TLS protocol enforcement, enabling a MITM adversary in the handshake to downgrade TLS to a deprecated version. The vulner...
psPAS does not enforce TLS 1.2 within Get-PASSAMLResponse
RISK EVALUATION psPAS is a PowerShell module for the CyberArk API. psPAS does not explicitly enforce TLS 1.2 when using the 'Get-PASSAMLResponse' function. An unauthenticated attacker in a 'Man-in-the-Middle' position could manipulate the TLS handshake and downgrade TLS to a deprecated protocol...
CVE-2025-9072
Mattermost CVE-2025-9072 is an open redirect vulnerability in Mattermost Server where the redirect_to parameter is not validated in certain versions (10.10.x <= 10.10.1, 10.5.x <= 10.5.9, 10.9.x
CVE-2025-54982
An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse...
CVE-2025-54982
An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse...
CVE-2025-54982 SAML 2.0 Public Key Validation Issue
An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse...