Lucene search

696 matches found

RedhatCVE
added 2 days ago, 3 views

CVE-2026-9093

In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/samlsp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects...

9.8 CVSS, 5.8 AI score, 0.00054 EPSS
Exploits 0, References 1
ATTACKERKB
added 2 days ago, 3 views

CVE-2026-41577

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor ResponseProcessor.parse does not validate the Conditions element on assertions. NotBefore, NotOnOrAfter, and AudienceRestriction are all ignored. This allows replay of expir...

6.9 CVSS, 5.7 AI score, 0.00006 EPSS
Exploits 0, References 2, Affected Software 1
HackRead
added 2 days ago, 6 views

Halo Security Honored with 2026 MSP Today Product of the Year Award

Miami Beach, FL, USA, 2nd June 2026, CyberNewswire...

5.8 AI score
Exploits 0
The Hacker News
added 3 days ago, 8 views

The Security Growth Platform: Why MSPs Are Moving Beyond vCISO Tools

Three years ago, the practical question for an MSP building a cybersecurity practice was which "vCISO platform" to buy. The term was good shorthand for the work at the time: assessments, advisory, reporting, maybe a compliance module bolted on the side. The work has since outgrown the descriptor....

5.8 AI score
Exploits 0
RedhatCVE
added 6 days ago, 4 views

CVE-2026-32998

This vulnerability in Veeam Service Provider Console allows for remote code execution...

9.4 CVSS, 6.1 AI score, 0.00299 EPSS
Exploits 0, References 1
EUVD
added 6 days ago, 4 views

EUVD-2026-33228

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...

5.8 AI score, 0.00043 EPSS
Exploits 0, References 2
Tenable Nessus
added 6 days ago, 14 views

Veeam Service Provider Console 9.x < 9.2.1.33875 RCE (KB4853)

The version of Veeam Service Provider Console installed on the remote Windows host is prior to 9.2.1.33875. It is, therefore, affected by a remote code execution vulnerability: - A vulnerability in Veeam Service Provider Console allows for remote code execution. CVE-2026-32998 Note that Nessus ha...

9.4 CVSS, 6.5 AI score, 0.00299 EPSS
Exploits 0, References 2
NVD
added last week, 4 views

CVE-2026-5343

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...

7.4 CVSS, 0.00043 EPSS
Exploits 0, References 1
Vulnrichment
added last week, 3 views

CVE-2026-5343 SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...

5.8 AI score, 0.00043 EPSS
Exploits 0, References 1
Cvelist
added last week, 24 views

CVE-2026-5343 SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...

0.00043 EPSS
Exploits 0, References 1
CVE
added last week, 19 views

CVE-2026-5343

CVE-2026-5343 affects the Drupal SAML SSO - Service Provider module. The issue is an improper check for unusual or exceptional conditions that enables privilege escalation. Affected versions are 0.0.0 up to, but not including, 3.1.4. The CVSSv3.1 vector indicates NETWORK attack, high complexity, ...

7.4 CVSS, 5.8 AI score, 0.00043 EPSS
Exploits 0, References 1, Affected Software 1
NVD
added last week, 6 views

CVE-2026-9093

In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/samlsp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects...

9.8 CVSS, 0.00054 EPSS
Exploits 0, References 1
CVE
added last week, 7 views

CVE-2026-9093

Casdoor versions 2.362.0 and earlier have a SAML vulnerability where the SAML service provider does not validate AudienceRestriction. The buildSp function does not set AudienceURI on the gosaml2 SAMLServiceProvider and does not inspect WarningInfo.NotInAudience, allowing assertions issued for oth...

9.8 CVSS, 5.8 AI score, 0.00054 EPSS
Exploits 0, References 1
NVD
added last week, 11 views

CVE-2026-32998

This vulnerability in Veeam Service Provider Console allows for remote code execution...

9.4 CVSS, 0.00299 EPSS
Exploits 0, References 1
EUVD
added last week, 6 views

EUVD-2026-32714

This vulnerability in Veeam Service Provider Console allows for remote code execution...

9.4 CVSS, 6.1 AI score, 0.00299 EPSS
Exploits 0, References 1
Cvelist
added last week, 26 views

CVE-2026-32998

This vulnerability in Veeam Service Provider Console allows for remote code execution...

9.4 CVSS, 0.00299 EPSS
Exploits 0, References 1
ATTACKERKB
added last week, 4 views

CVE-2026-32998

This vulnerability in Veeam Service Provider Console allows for remote code execution...

9.4 CVSS, 6.1 AI score, 0.00299 EPSS
Exploits 0, References 2, Affected Software 1
CVE
added last week, 51 views

CVE-2026-32998

Veeam Service Provider Console (VSPC) contains a critical remote code execution vulnerability (CVE-2026-32998) that affects versions prior to the fix. The CVE is addressed starting with VSPC 9.2.1.33875, per Veeam KB4853 and KB4788, which state the vulnerability was fixed and list the affected bu...

9.4 CVSS, 6.1 AI score, 0.00299 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/05/28 12:0 a.m., 5 views

PT-2026-44176

This vulnerability in Veeam Service Provider Console allows for remote code execution...

9.4 CVSS, 6.1 AI score, 0.00299 EPSS
Exploits 0, References 2
CNNVD
added 2026/05/28 12:0 a.m., 6 views

Veeam Service Provider Console Security Vulnerability

Veeam Service Provider Console is a cloud-enabled platform developed by the American company Veeam. There is a security vulnerability in Veeam Service Provider Console, which may lead to remote code execution...

9.4 CVSS, 6.1 AI score, 0.00299 EPSS
Exploits 0, References 2