3766 matches found
CVE-2026-13007 Insecure Public Caching on REST API Endpoints in Tenable Identity Exposure
Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/ that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings to unauthenticated remote attackers. Affected responses are...
Zabbix - SAML SSO Authentication Bypass
When SAML SSO authentication is enabled non-default, session data can be modified by a malicious actor because a user login stored in the session was not verified. id: CVE-2022-23131 info: name: Zabbix - SAML SSO Authentication Bypass author: For3stCo1d,spac3wh1te severity: critical description:...
PT-2026-51549
Name of the Vulnerable Software and Affected Versions Tenable Identity Exposure affected versions not specified Description Multiple unauthenticated API endpoints under '/w/api/' expose sensitive application configuration data to remote attackers. The leaked information includes cleartext LDAP...
CVE-2026-12804
A flaw was found in lemonldap-ng. A remote attacker could exploit this vulnerability by manipulating the 'url' argument within the SAML Common Domain Cookie Endpoint. This manipulation results in an open redirect, potentially leading to users being redirected to arbitrary malicious websites...
CVE-2026-12804 lemonldap-ng SAML Common Domain Cookie Endpoint CDC.pm redirect
A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is...
CVE-2026-12804 lemonldap-ng SAML Common Domain Cookie Endpoint CDC.pm redirect
A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is...
EUVD-2026-38190
A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is...
CVE-2026-12804
A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is...
CVE-2026-12804
Affected software: lemonldap-ng up to 2.23.0. Vulnerable component/file: lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm within the SAML Common Domain Cookie Endpoint. Root cause: manipulation of the argument url causes an open redirect. Impact: enables remote exploitation; attack vector is ne...
Improper Verification of Cryptographic Signature
Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature vi...
Insufficient Session Expiration
Overview CoreWCF.Primitives is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Insufficient Session Expiration due to the TryAdd...
Astra Linux – Vulnerability in open-vm-tools
VMware Tools contains a vulnerability related to bypassing the SAML token signature. A malicious actor who has been granted “Guest Operation Privileges” can potentially elevate their privileges if the target virtual machine has been assigned a more privileged “Guest Alias”. source-iocs-preserved...
CVE-2026-49454 Relyra SAML SignatureValue not cryptographically verified -> authentication bypass
Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verified before the library returned a successful authentication result. The XMLDSig trust boundary was...
CVE-2026-49454
Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verified before the library returned a successful authentication result. The XMLDSig trust boundary was...
ZITADEL: Server-Side Request Forgery (SSRF) and Denylist Bypass in Outgoing HTTP Components
Summary A Server-Side Request Forgery SSRF vulnerability was discovered in Zitadel affecting: HTTP Notification Channels: Used as an alternative to SMTP/Twilio configurations, sending payloads to user-defined URLs via HTTP POST webhooks. OIDC BackChannel Logout: Terminates sessions across differe...
GHSA-29JH-8CFQ-RR8X ZITADEL: Server-Side Request Forgery (SSRF) and Denylist Bypass in Outgoing HTTP Components
Summary A Server-Side Request Forgery SSRF vulnerability was discovered in Zitadel affecting: HTTP Notification Channels: Used as an alternative to SMTP/Twilio configurations, sending payloads to user-defined URLs via HTTP POST webhooks. OIDC BackChannel Logout: Terminates sessions across differe...
PT-2026-50740
Name of the Vulnerable Software and Affected Versions Zitadel versions 4.0.0 through 4.15.1 Zitadel versions 3.0.0 through 3.4.11 Description A Server-Side Request Forgery SSRF issue exists in components that handle outgoing HTTP requests, specifically HTTP Notification Channels, OIDC BackChannel...
Ivanti SAML - Server Side Request Forgery (SSRF)
A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure 9.x, 22.x and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication. id: CVE-2024-21893 info: name: Ivanti SAML - Server...
SAP NetWeaver AS ABAP XML Signature Wrapping in SAML Authentication (3746332)
The version of SAP NetWeaver AS ABAP and ABAP Platform detected on the remote host is affected by an XML signature wrapping vulnerability in SAML authentication as referenced in SAP Security Note 3746332: - SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker...
Spring Security 5.7.x < 5.7.24 / 5.8.x < 5.8.26 / 6.3.x < 6.3.17 / 6.4.x < 6.4.17 / 6.5.x < 6.5.11 / 7.0.x < 7.0.6 DoS
The version of Spring Security installed on the remote host is 5.7.x prior to 5.7.24, 5.8.x prior to 5.8.26, 6.3.x prior to 6.3.17, 6.4.x prior to 6.4.17, 6.5.x prior to 6.5.11, or 7.0.x prior to 7.0.6. It is, therefore, affected by a vulnerability: - An application using...