
41 matches found

Cvelist
added 7 hours ago, 4 views

CVE-2026-13007 Insecure Public Caching on REST API Endpoints in Tenable Identity Exposure

Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/ that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings to unauthenticated remote attackers. Affected responses are...

CVSS: 8.7
Exploits: 0, References: 1

EUVD
added 7 hours ago, 3 views

EUVD-2026-38487

Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/ that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings to unauthenticated remote attackers. Affected responses are...

CVSS: 8.7, AI score: 5.9
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2020-28081

Malware in sbrugna...

CVSS: 10, AI score: 9.2, EPSS: 0.01804
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-15135

Malicious code in bioql PyPI...

CVSS: 8.3, AI score: 6.4, EPSS: 0.00324
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-49995

Malicious code in bioql PyPI...

CVSS: 2, AI score: 6.6, EPSS: 0.0026
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-48395

Malicious code in bioql PyPI...

CVSS: 9.1, AI score: 9.4, EPSS: 0.00625
Exploits: 1, References: 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-27986

Malicious code in bioql PyPI...

CVSS: 6.9, AI score: 5.4, EPSS: 0.00501
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 5:30 p.m., 5 views

CVE-2020-6939

Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions...

CVSS: 10, AI score: 6.8, EPSS: 0.01804
Exploits: 0, References: 1

RedhatCVE
added 2025/04/13 2:27 a.m., 16 views

CVE-2025-0126

When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. T...

CVSS: 8.3, AI score: 6.8, EPSS: 0.00324
Exploits: 0, References: 3

NVD
added 2025/04/11 2:15 a.m., 32 views

CVE-2025-0126

When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker. T...

CVSS: 8.3, EPSS: 0.00324
Exploits: 0, References: 1

Tenable Nessus
added 2025/04/09 12:0 a.m., 32 views

Palo Alto Networks PAN-OS 10.1.x < 10.1.14-h11 / 10.2.x < 10.2.10-h6 / 11.0.x < 11.0.6 / 11.1.x < 11.1.5 / 11.2.x < 11.2.3 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 10.1.x prior to 10.1.14-h11 or 10.2.x prior to 10.2.10-h6 or 11.0.x prior to 11.0.6 or 11.1.x prior to 11.1.5 or 11.2.x prior to 11.2.3. It is, therefore, affected by a vulnerability. When configured using SAML, a session...

CVSS: 8.3, AI score: 5.6, EPSS: 0.00324
Exploits: 0, References: 2

RedhatCVE
added 2025/02/05 8:35 p.m., 6 views

CVE-2022-31122

Wire is an encrypted communication and collaboration platform. Versions prior to 2022-07-12/Chart 4.19.0 are subject to Token Recipient Confusion. If an attacker has certain details of SAML IdP metadata, and configures their own SAML on the same backend, the attacker can delete all SAML...

CVSS: 9.8, AI score: 6.5, EPSS: 0.00599
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 12:3 p.m., 11 views

CVE-2024-7475

An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate acce...

CVSS: 9.1, AI score: 7.1, EPSS: 0.00625
Exploits: 1, References: 1

FreeBSD
added 2025/01/08 12:0 a.m., 18 views

Gitlab -- Vulnerabilities

Gitlab reports: Possible access token exposure in GitLab logs; Cyclic reference of epics leads resource exhaustion; Unauthorized user can manipulate status of issues in public projects; Instance SAML does not respect externalprovider configuration...

CVSS: 6.5, AI score: 7.1, EPSS: 0.00692
Exploits: 4, References: 1

Tenable Nessus
added 2025/01/08 12:0 a.m., 12 views

FreeBSD : Gitlab -- Vulnerabilities (2bfde261-cdf2-11ef-b6b2-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 2bfde261-cdf2-11ef-b6b2-2cf05da270f3 advisory. Gitlab reports: Possible access token exposure in GitLab logs; Cyclic reference of epics leads...

CVSS: 6.5, AI score: 5.5, EPSS: 0.00692
Exploits: 4, References: 6

BDU FSTEC
added 2024/12/20 12:0 a.m., 3 views

The vulnerability of the platform for monitoring, managing, and improving LLM applications, related to lack of access control, allows attackers to influence the confidentiality and integrity of the protected information.

The vulnerability of the platform for monitoring, managing, and improving LLM applications is related to lack of access control. Exploiting this vulnerability allows a malicious actor to influence the confidentiality and integrity of the protected information by updating the SAML configuration...

CVSS: 9.4, AI score: 8.1, EPSS: 0.00625
Exploits: 1, References: 3, Affected Software: 1

CNVD
added 2024/11/01 12:0 a.m., 4 views

lunary access control error vulnerability (CNVD-2025-09695)

lunary is an open source production toolkit for LLMs. An access control error vulnerability exists in lunary that stems from not properly restricting permissions to update the SAML configuration. An attacker could use this vulnerability to modify the authentication process and steal user...

CVSS: 9.1, AI score: 7.1, EPSS: 0.00625
Exploits: 1, References: 1

OSV
added 2024/10/29 1:15 p.m., 15 views

CVE-2024-7475

An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate acce...

CVSS: 9.1, AI score: 7.1, EPSS: 0.00625
Exploits: 1, References: 2

NVD
added 2024/10/29 1:15 p.m., 21 views

CVE-2024-7475

An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate acce...

CVSS: 9.1, EPSS: 0.00625
Exploits: 1, References: 2

Vulnrichment
added 2024/10/29 12:45 p.m., 16 views

CVE-2024-7475 Improper Access Control in lunary-ai/lunary

An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of authentication processes, fraudulent login requests, and theft of user information. Appropriate acce...

CVSS: 9.1, AI score: 7.3, EPSS: 0.00625
Exploits: 1, References: 2