Lucene search
K

260 matches found

Vulnrichment
Vulnrichment
added 2026/02/10 3:2 a.m.3 views

CVE-2026-23687 XML Signature Wrapping in SAP NetWeaver AS ABAP and ABAP Platform

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive...

8.8CVSS5.5AI score0.00464EPSS
Exploits2References2
CVE
CVE
added 2026/02/10 3:2 a.m.27 views

CVE-2026-23687

CVE-2026-23687 affects SAP NetWeaver Application Server ABAP and ABAP Platform. An authenticated attacker with normal privileges can obtain a valid signed message and send modified signed XML to the verifier, potentially allowing tampered identity information and leading to unauthorized access to...

8.8CVSS5.5AI score0.00464EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2026/02/10 3:2 a.m.32 views

CVE-2026-23687 XML Signature Wrapping in SAP NetWeaver AS ABAP and ABAP Platform

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive...

8.8CVSS0.00464EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : libreoffice-6.4.7.2-10.el8.ML.1 (AXSA:2022-3720:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3720:01 advisory. libreoffice: Content Manipulation with Double Certificate Attack CVE-2021-25633 libreoffice: Timestamp Manipulation with Signature Wrapping...

7.5CVSS7.5AI score0.00709EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : lasso-2.6.0-12.el8 (AXSA:2021-2745:02)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2745:02 advisory. lasso: XML signature wrapping vulnerability when parsing SAML responses CVE-2021-28091 Tenable has extracted the preceding description block directly from th...

7.5CVSS5.6AI score0.01325EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.5 views

MiracleLinux 7 : lasso-2.5.1-8.0.1.el7.AXS7 (AXSA:2021-2283:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2283:01 advisory. lasso: XML signature wrapping vulnerability when parsing SAML responses CVE-2021-28091 Tenable has extracted the preceding description block directly from th...

7.5CVSS5.5AI score0.01325EPSS
Exploits0References2
Veracode
Veracode
added 2025/12/13 8:4 a.m.6 views

Authentication Bypass

ruby-saml is vulnerable to authentication bypass. The vulnerability is due to improper handling of libxml2 canonicalization in Nokogiri when processing invalid XML, which returns an empty string used for DigestValue calculation, allowing an attacker to perform a Signature Wrapping attack and bypa...

9.3CVSS5.8AI score0.00211EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2025/12/13 8:2 a.m.6 views

Authentication Bypass

ruby-saml is vulnerable to authentication bypass. The vulnerability is due to inconsistent XML parsing between REXML and Nokogiri resulting in different document structures, which allows an attacker to perform a Signature Wrapping attack and bypass authentication...

9.3CVSS5.8AI score0.0039EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-66568

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through...

9.3CVSS5.7AI score0.00211EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-66567

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypas...

9.8CVSS8.7AI score0.63792EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/12/10 2:32 a.m.7 views

CVE-2025-66567

The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different...

9.8CVSS9.4AI score0.63792EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/10 2:32 a.m.5 views

CVE-2025-66568

The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrappi...

9.3CVSS7AI score0.00211EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/12/09 5:24 p.m.20 views

SAML PHP Toolkit Vulnerability on xmlseclibs CVE-2025-66475

Summary There is a critical vulnerability on xmlseclibs CVE-2025-66475, a dependency of php-saml Update to the following versions of php-saml which forces the use of patched versions of xmlseclibs: - 2.21.1 - 3.8.1 - 4.3.1 Impact Signature Wrapping Vulnerabilities allows an attacker to impersonat...

6.9AI score
Exploits0References6Affected Software1
NVD
NVD
added 2025/12/09 4:18 p.m.8 views

CVE-2025-66567

The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different...

9.3CVSS0.0039EPSS
Exploits0References3
NVD
NVD
added 2025/12/09 4:18 p.m.9 views

CVE-2025-66568

The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrappi...

9.3CVSS0.00211EPSS
Exploits0References2
OSV
OSV
added 2025/12/09 4:18 p.m.5 views

UBUNTU-CVE-2025-66568

The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrappi...

9.3CVSS5.9AI score0.00211EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/12/09 4:18 p.m.5 views

CVE-2025-66567

The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different...

9.3CVSS7.3AI score0.0039EPSS
Exploits0References4
OSV
OSV
added 2025/12/09 4:18 p.m.3 views

UBUNTU-CVE-2025-66567

The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different...

9.3CVSS5.9AI score0.0039EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/12/09 2:3 a.m.30 views

CVE-2025-66568 ruby-saml Libxml2 Canonicalization errors can bypass Digest/Signature validation

The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrappi...

9.3CVSS0.00211EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/09 2:3 a.m.4 views

CVE-2025-66568 ruby-saml Libxml2 Canonicalization errors can bypass Digest/Signature validation

The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrappi...

9.3CVSS6.8AI score0.00211EPSS
Exploits0References2
Rows per page
Query Builder