Lucene search
+L

327 matches found

cve
cve
added 18 hours ago21 views

CVE-2026-15013

Technical details are not publicly available in the provided documents. Monitor for updates.

9.8CVSS6AI score
Exploits0References7
euvd
euvd
added 18 hours ago4 views

EUVD-2026-44866

The SAML Single Sign On – SSO Login plugin for WordPress is vulnerable to Authentication Bypass via SAML Signature Algorithm Confusion in all versions up to, and including, 5.4.3. The vulnerability exists because MoSAMLUtilities::mosamlcastkey reads the SignatureMethod Algorithm attribute directl...

9.8CVSS6AI score
Exploits0References7
cvelist
cvelist
added 6 days ago35 views

CVE-2026-55789 Logto: SAML IdP injects user-controlled profile attributes raw into signed assertions, allowing privilege escalation at relying Service Providers

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's self-hosted SAML application IdP built the signed SAML response and assertion by string-substituting user-controlled profile attributes such as name, email, and custom attribute-mapping values into...

8.5CVSS0.00298EPSS
Exploits0References4
nvd
nvd
added 2026/07/08 11:16 p.m.8 views

CVE-2026-54781

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token validation does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom...

7.4CVSS0.00178EPSS
Exploits0References6
cve
cve
added 2026/07/08 10:19 p.m.18 views

CVE-2026-54781

CoreWCF (SAML token validation) does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom confirmation method assertions to authenticate subjects without proper authority. Affects CoreWCF.Primitives and rel...

7.4CVSS5.9AI score0.00178EPSS
Exploits0References6
euvd
euvd
added 2026/07/02 8:42 p.m.25 views

EUVD-2026-12688

Keycloak: Unauthorized access via improper validation of encrypted SAML assertions...

7.7CVSS5.8AI score0.00241EPSS
Exploits0References11
nvd
nvd
added 2026/06/30 1:18 p.m.10 views

CVE-2026-44946

A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service ACS handler did not enforce one-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,...

9.5CVSS0.00291EPSS
Exploits0References1
euvd
euvd
added 2026/06/30 12:14 p.m.7 views

EUVD-2026-40304

A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service ACS handler did not enforce one-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,...

9.5CVSS5.8AI score0.00291EPSS
Exploits0References1
euvd
euvd
added 2026/06/26 9:5 p.m.14 views

EUVD-2026-37950

Relyra SAML SignatureValue not cryptographically verified - authentication bypass...

9.1CVSS5.8AI score0.00135EPSS
Exploits0References4
cve
cve
added 2026/06/24 8:58 p.m.14 views

CVE-2026-46423

Rocket.Chat prior to versions 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11 contains a SAML SP issue where the verifySignatures routine returns early if serviceProviderOptions.cert is falsy, causing silent skip of SAML Response and Assertion signature validation when the IdP certi...

9.3CVSS5.9AI score0.00149EPSS
Exploits0References1
osv
osv
added 2026/06/24 8:58 p.m.4 views

CVE-2026-46423 Rocket.Chat: SAML signature validation skipped when IdP certificate field is empty

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML service provider implementation silently skips both SAML Response and Assertion signature validation when the configured Id...

9.3CVSS6AI score0.00149EPSS
Exploits0References3
osv
osv
added 2026/06/24 8:54 p.m.4 views

CVE-2026-45677 Rocket.Chat: Lack of SAML Signature Check During Logout Could Lead To DoS

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML integration does not verify the signature on inbound LogoutRequest messages. An unauthenticated remote attacker who knows a...

8.7CVSS6AI score0.00451EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/24 7:25 a.m.11 views

CVE-2026-54588

A flaw was found in Poweradmin, a web-based DNS administration tool. An unauthenticated attacker can exploit this vulnerability by manipulating the HTTPHOST request header. This manipulation allows the attacker to poison the redirecturi used in the OpenID Connect OIDC, Security Assertion Markup...

9.6CVSS5.8AI score0.00312EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.11 views

PT-2026-52096

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.0 Rocket.Chat versions prior to 8.4.1 Rocket.Chat versions prior to 8.3.3 Rocket.Chat versions prior to 8.2.3 Rocket.Chat versions prior to 8.1.4 Rocket.Chat versions prior to 8.0.5 Rocket.Chat versions prior ...

9.3CVSS5.7AI score0.00149EPSS
Exploits0References4
cve
cve
added 2026/06/23 10:9 p.m.29 views

CVE-2026-54588

Poweradmin (for PowerDNS) is affected by a Host Header Injection vulnerability in auth flows. Versions prior to 4.2.4 and 4.3.3 use the HTTP_HOST header as the authoritative source for building OIDC redirect_uri, SAML ACS/SLO URLs, and logout redirects without validation. An unauthenticated attac...

9.6CVSS6AI score0.00312EPSS
Exploits0References3
cve
cve
added 2026/06/23 3:59 p.m.22 views

CVE-2026-13007

Tenable Identity Exposure exposes multiple unauthenticated API endpoints under /w/api/* that return sensitive configuration data (cleartext LDAP credentials, SAML config, user accounts, directory settings). Responses are served with Cache-Control: public and without Vary: Cookie, enabling reverse...

8.7CVSS5.9AI score0.00432EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/23 12:0 a.m.18 views

PT-2026-51607

Name of the Vulnerable Software and Affected Versions Poweradmin versions prior to 4.2.4 Poweradmin versions prior to 4.3.3 Description Poweradmin is a web-based DNS administration tool for PowerDNS server. The software uses the attacker-controlled HTTP HOST request header as the authoritative...

9.6CVSS6AI score0.00312EPSS
Exploits0References14
attackerkb
attackerkb
added 2026/06/21 6:30 p.m.5 views

CVE-2026-12804

A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is...

5.3CVSS5.3AI score0.00264EPSS
Exploits0References7
github
github
added 2026/06/19 8:47 p.m.7 views

CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced

Impact The relying application is given a ClaimsPrincipal for a subject whose authority over the assertion the sender never proved. There are two distinct exploit shapes: - Holder-of-key downgrade. An attacker who obtains a holder-of-key SAML assertion that was issued without KeyInfo issuer bug,...

7.4CVSS6AI score0.00178EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/06/19 8:47 p.m.7 views

GHSA-48PQ-2XQ3-C2M4 CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced

Impact The relying application is given a ClaimsPrincipal for a subject whose authority over the assertion the sender never proved. There are two distinct exploit shapes: - Holder-of-key downgrade. An attacker who obtains a holder-of-key SAML assertion that was issued without KeyInfo issuer bug,...

7.4CVSS6AI score0.00178EPSS
Exploits0References2
Rows per page
Query Builder