Lucene search
+L

522 matches found

Nuclei
Nuclei
added 18 hours ago30 views

Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery

The Shibboleth Identity Provider OIDC OP plugin before 3.0.4 is vulnerable to server-side request forgery SSRF due to insufficient restriction of the requesturi parameter, which allows attackers to interact with arbitrary third-party HTTP services. id: CVE-2022-24129 info: name: Shibboleth OIDC O...

8.2CVSS7.9AI score0.06139EPSS
Exploits1References5
NVD
NVD
added 2 days ago7 views

CVE-2026-12281

The Shibboleth WordPress plugin before 2.5.4 does not fail closed when its HTTP header identity mode is enabled without an anti-spoofing key, treating any request that carries identity headers as an authenticated session without verifying them. On a deployment where untrusted client headers reach...

8.1CVSS0.00231EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-44594

The Shibboleth WordPress plugin before 2.5.4 does not fail closed when its HTTP header identity mode is enabled without an anti-spoofing key, treating any request that carries identity headers as an authenticated session without verifying them. On a deployment where untrusted client headers reach...

8.1CVSS6.1AI score0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-12281 Shibboleth < 2.5.4 - Unauthenticated Administrator Account Creation via Identity Header Spoofing

The Shibboleth WordPress plugin before 2.5.4 does not fail closed when its HTTP header identity mode is enabled without an anti-spoofing key, treating any request that carries identity headers as an authenticated session without verifying them. On a deployment where untrusted client headers reach...

0.00231EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-12281

The Shibboleth WordPress plugin before 2.5.4 does not fail closed when its HTTP header identity mode is enabled without an anti-spoofing key, treating any request that carries identity headers as an authenticated session without verifying them. On a deployment where untrusted client headers reach...

8.1CVSS6.1AI score0.00231EPSS
Exploits0References1
CVE
CVE
added 2 days ago14 views

CVE-2026-12281

The vulnerability CVE-2026-12281 affects the Shibboleth WordPress plugin before 2.5.4. When HTTP header identity mode is enabled without an anti-spoofing key, the plugin does not fail closed and treats any request carrying identity headers as authenticated without verification. This allows an una...

8.1CVSS6.1AI score0.00231EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.13 views

Astra Linux – Vulnerability in xmltooling

Shibboleth XMLTooling before version 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allowed SSRF through a specially crafted KeyInfo element. This issue has been fixed, for example, in Shibboleth Service Provider 3.4.1.3 on Windows...

7.5CVSS7.7AI score0.03055EPSS
Exploits3References1
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.6 views

Shibboleth SSO Open Redirect

Shibboleth Service Provider SP contains an open redirect vulnerability. An attacker can exploit this vulnerability to redirect users to malicious websites, potentially leading to phishing attacks or other malicious activities. This issue arises when the 'redirectLimit' configuration option is not...

6.9AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:25 a.m.7 views

CVE-2021-28963

Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters...

5.3CVSS7.1AI score0.01294EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:24 a.m.6 views

CVE-2021-31826

Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable for a daemon crash on systems not using this feature if a crafted cookie is supplied...

7.5CVSS6.8AI score0.02EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-20470

Malware in sbrugna...

7.5CVSS7.5AI score0.01833EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-18701

Malware in sbrugna...

7.5CVSS7.4AI score0.02EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-5816

Malware in sbrugna...

6.1CVSS6.1AI score0.0146EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-5468

Malware in sbrugna...

2.1CVSS6.4AI score0.00996EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2009-3458

Malware in sbrugna...

9.3CVSS6.1AI score0.04097EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2012-4423

Malware in sbrugna...

4.3CVSS6.4AI score0.01082EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-1309

Malware in sbrugna...

6.5CVSS6.7AI score0.01518EPSS
Exploits2References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2009-4493

Malware in sbrugna...

4.6CVSS6.4AI score0.0033EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-1312

Malware in sbrugna...

6.5CVSS6.7AI score0.02148EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-9390

Malware in sbrugna...

6.1CVSS6.3AI score0.01469EPSS
Exploits1References5
Rows per page
Query Builder