5 matches found
CVE-2026-9095 CVE-2026-9095
Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse function in object/samlsp.go calls sp.RetrieveAssertionInfo and immediately maps the result to a user session. There is no assertion ID cache, OneTimeUse condition enforcemen...
CVE-2026-9095 CVE-2026-9095
Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse function in object/samlsp.go calls sp.RetrieveAssertionInfo and immediately maps the result to a user session. There is no assertion ID cache, OneTimeUse condition enforcemen...
EUVD-2026-32949
Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse function in object/samlsp.go calls sp.RetrieveAssertionInfo and immediately maps the result to a user session. There is no assertion ID cache, OneTimeUse condition enforcemen...
webtransport-go 安全漏洞
webtransport-go is an open-source Go language library developed by quic-go. Versions of webtransport-go prior to 0.10.0 contained security vulnerabilities. These vulnerabilities stemmed from the failure to remove closed streams from the internal session mapping, which could lead to unlimited memo...
SUSE CVE-2011-1585
The cifsfindsmbses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user...