Lucene search
K

4 matches found

Cvelist
Cvelist
added yesterday19 views

CVE-2026-54774 CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, SamlSerializer skips final SignatureValue verification when a CoreWCF service validates SAML tokens using a non-X.509 signing token, allowing an attacker to reference a non-X.509...

7.4CVSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/19 8:46 p.m.4 views

CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate

Impact When a service is configured to validate SAML tokens using a method other than X.509 certificate signing, the final signature verification is skipped. Preconditions The service is configured to authenticate using SAML tokens and an out of band token resolver commonly the IssuerTokenResolve...

7.4CVSS5.8AI score
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/18 8:52 p.m.40 views

CVE-2026-49454

Relyra (Elixir/Phoenix SAML SP) versions 1.0.0 and 1.1.0 are affected by an authentication bypass due to forged SignatureValue not being cryptographically verified in SAML 2.0 processing. The XMLDSig trust boundary was incomplete: :public_key.verify over the exclusive-C14N SignedInfo was not chec...

9.1CVSS5.3AI score0.00135EPSS
Exploits0References3
Snyk
Snyk
added 2025/04/18 12:0 a.m.1 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the improper verification of SignatureValue within SignerInfo. An attacker can manipulate the integrity of signed data by crafting a malicious signature that bypasses validation...

9.1CVSS4.7AI score0.00092EPSS
Exploits0References2
Rows per page
Query Builder