Lucene search
K

718 matches found

Ivanti
Ivanti
added 6 days ago9 views

SAML 2.0 SP signature validation behaviour from ICS 25.1.3.0

Last Modified Date Jul 3, 2026 11:45:26 AM...

5.9AI score
Exploits0
EUVD
EUVD
added last week10 views

EUVD-2026-41407

A stored Cross-Site Scripting XSS vulnerability has been identified in the web-based management interface of Archer C5 v6.8 routers, due to insufficient server-side validation and lack of proper output encoding of user-controlled input in a certain field. An attacker with administrative privilege...

7CVSS6AI score0.00177EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-8699

A stored Cross-Site Scripting XSS vulnerability has been identified in the web-based management interface of Archer C5 v6.8 routers, due to insufficient server-side validation and lack of proper output encoding of user-controlled input in a certain field. An attacker with administrative privilege...

7CVSS6AI score0.00177EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 3:44 p.m.19 views

CVE-2023-20540

CVE-2023-20540 describes a timing discrepancy in the AMD Secure Processor (ASP) that could enable a privileged attacker to brute-force the hash-based MAC, potentially compromising data integrity. Affected component: AMD Secure Processor / ASP in AMD client/server platforms using ASP. Root cause: ...

1.8CVSS5.9AI score0.00114EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in xmltooling

Shibboleth XMLTooling before version 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allowed SSRF through a specially crafted KeyInfo element. This issue has been fixed, for example, in Shibboleth Service Provider 3.4.1.3 on Windows...

7.5CVSS7.7AI score0.03055EPSS
Exploits3References1
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.12 views

Spring Security 5.7.x < 5.7.24 / 5.8.x < 5.8.26 / 6.3.x < 6.3.17 / 6.4.x < 6.4.17 / 6.5.x < 6.5.11 / 7.0.x < 7.0.6 DoS

The version of Spring Security installed on the remote host is 5.7.x prior to 5.7.24, 5.8.x prior to 5.8.26, 6.3.x prior to 6.3.17, 6.4.x prior to 6.4.17, 6.5.x prior to 6.5.11, or 7.0.x prior to 7.0.6. It is, therefore, affected by a vulnerability: - An application using...

7.5CVSS5.4AI score0.00331EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 1:13 a.m.7 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview org.springframework.security:spring-security-saml2-service-provider is a security component for the Spring Framework. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification in the REDIRECT binding. An attacker can exhaust system...

8.7CVSS5.3AI score0.00331EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 12:16 a.m.22 views

CVE-2026-40988

An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory. Affected versions: Spring Security 5.7.0 through 5.7.23;...

7.5CVSS0.00331EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:46 p.m.9 views

CVE-2026-40988 Unbounded DEFLATE Inflation in SAML 2.0 Service Provider

An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory. Affected versions: Spring Security 5.7.0 through 5.7.23;...

7.5CVSS5.4AI score0.00331EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:46 p.m.86 views

CVE-2026-40988

CVE-2026-40988 refers to an issue in the use of the REDIRECT binding for SAML 2.0 Login/Logout with the Spring Security SAML2 Service Provider, where an unbounded writer can inflate the compressed SAML payload in memory, causing a denial of service. The vulnerability affects Spring Security versi...

7.5CVSS5.5AI score0.00331EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.11 views

Veeam Service Provider Console < 9.2.1.33875 (kb4856)

The version of Veeam Service Provider Console installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the kb4856 advisory. - This vulnerability in Veeam Service Provider Console allows for remote code execution. CVE-2026-32998 Note...

9.4CVSS5.8AI score0.00403EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 6:41 p.m.33 views

CVE-2026-46490 samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...

8.7CVSS0.00383EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/06/02 10:3 p.m.14 views

CVE-2026-9093

In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/samlsp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects...

9.8CVSS5.8AI score0.00365EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:12 p.m.9 views

CVE-2026-41577

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor ResponseProcessor.parse does not validate the Conditions element on assertions. NotBefore, NotOnOrAfter, and AudienceRestriction are all ignored. This allows replay of expir...

6.9CVSS5.7AI score0.00169EPSS
Exploits0References2Affected Software1
HackRead
HackRead
added 2026/06/02 12:0 p.m.27 views

Halo Security Honored with 2026 MSP Today Product of the Year Award

Miami Beach, FL, USA, 2nd June 2026, CyberNewswire...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/01 11:30 a.m.28 views

The Security Growth Platform: Why MSPs Are Moving Beyond vCISO Tools

Three years ago, the practical question for an MSP building a cybersecurity practice was which "vCISO platform" to buy. The term was good shorthand for the work at the time: assessments, advisory, reporting, maybe a compliance module bolted on the side. The work has since outgrown the descriptor....

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 a.m.15 views

CVE-2026-32998

This vulnerability in Veeam Service Provider Console allows for remote code execution...

9.4CVSS6.1AI score0.00403EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 12:38 a.m.13 views

EUVD-2026-33228

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...

5.8AI score0.00257EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.24 views

Veeam Service Provider Console < 9.2.1.33875 (kb4853)

The version of Veeam Service Provider Console installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the kb4853 advisory. - This vulnerability in Veeam Service Provider Console allows for remote code execution. CVE-2026-32998 Note...

9.4CVSS5.8AI score0.00403EPSS
Exploits0References2
NVD
NVD
added 2026/05/28 11:16 p.m.12 views

CVE-2026-5343

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...

7.4CVSS0.00257EPSS
Exploits0References1
Rows per page
Query Builder