Lucene search

68 matches found

CNNVD
added 2025/12/05 12:00 a.m.

WordPress plugin CoSign Single Signon cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform written in PHP; it can host personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.1 · AI score 5.7 · EPSS 0.00204
Exploits 0 · References 3
CVE
added 2025/10/14 3:23 p.m.

CVE-2025-54973

CVE-2025-54973 describes a race condition (CWE-362) in Fortinet FortiAnalyzer. Multiple FortiAnalyzer releases are affected (versions 7.6.0–7.6.2, 7.4.0–7.4.6, 7.2.0–7.2.10, and before 7.0.13). The issue arises from improper synchronization of a shared resource, enabling an attacker to attempt to...

CVSS 5.3 · AI score 6.5 · EPSS 0.0029
Exploits 0 · References 1 · Affected software 1
EUVD
added 2025/10/07 12:30 a.m.

EUVD-2012-3117

Malware in sbrugna...

CVSS 4.3 · AI score 6.4 · EPSS 0.01024
Exploits 0 · References 4
EUVD
added 2025/10/07 12:30 a.m.

EUVD-2012-3200

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.01317
Exploits 0 · References 4
EUVD
added 2025/10/07 12:30 a.m.

EUVD-2015-4871

Malware in sbrugna...

CVSS 4.3 · AI score 7.5 · EPSS 0.03152
Exploits 0 · References 8
EUVD
added 2025/10/07 12:30 a.m.

EUVD-2015-4901

Malware in sbrugna...

CVSS 5 · AI score 7.5 · EPSS 0.01926
Exploits 0 · References 3
OSV
added 2025/09/19 7:15 p.m.

CVE-2025-26515

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 without Single Sign-on enabled are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. Successful exploit could allow an unauthenticated attacker to change the password of any Grid Manager or Tenant...

CVSS 7.5 · AI score 5.8 · EPSS 0.00317
Exploits 0 · References 1
Github Security Blog
added 2025/09/08 8:45 p.m.

Fides has a Lack of Brute-Force Protections on Authentication Endpoints

Summary: The Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to conduct credential testing attacks, such as credential stuffing or...

CVSS 6.5 · AI score 7.1 · EPSS 0.00277
Exploits 0 · References 5 · Affected software 1
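The Fides entry describes the gap between a generic per-IP rate limit and a control aimed at the login endpoint itself. The Python below is an added illustration, not Fides code and not taken from the advisory: a small login guard keeping a per-account failure budget next to the per-IP one, and a simulated credential-stuffing run from many addresses against one account that an IP-only limit never notices. The `LoginGuard` class, its default limits, the window length and the attacker addresses are all constructed for the example.

```python
import time
from collections import defaultdict, deque


class LoginGuard:
    """Sliding-window failure budgets for a login endpoint.

    Two counters are kept: one per source IP (the generic control) and one per
    target account (the control the Fides advisory says is missing). Credential
    stuffing spreads a handful of guesses per address over many addresses, so
    only the per-account counter sees the attack as a whole.
    Limits, window and clock are constructed defaults, not Fides settings.
    """

    def __init__(self, ip_limit=100, account_limit=5, window=300,
                 clock=time.monotonic):
        self.ip_limit = ip_limit
        self.account_limit = account_limit
        self.window = window            # seconds a failure stays counted
        self.clock = clock              # injectable so tests are deterministic
        self._by_ip = defaultdict(deque)
        self._by_account = defaultdict(deque)

    def _prune(self, dq, now):
        # Drop failures older than the window from the left of the deque.
        while dq and now - dq[0] > self.window:
            dq.popleft()

    def allow(self, ip, username):
        """True if this attempt may proceed to the credential check."""
        now = self.clock()
        budgets = ((self._by_ip[ip], self.ip_limit),
                   (self._by_account[username.lower()], self.account_limit))
        for dq, limit in budgets:
            self._prune(dq, now)
            if len(dq) >= limit:
                return False
        return True

    def record_failure(self, ip, username):
        now = self.clock()
        self._by_ip[ip].append(now)
        self._by_account[username.lower()].append(now)

    def record_success(self, username):
        # A real login clears the account budget; the IP budget is kept so a
        # compromised password does not reset a noisy source's counter.
        self._by_account.pop(username.lower(), None)


def run_attack(guard, attempts):
    """Replay (ip, username) attempts, all with wrong passwords, and return
    how many reached the credential check instead of being refused."""
    reached = 0
    for ip, user in attempts:
        if guard.allow(ip, user):
            reached += 1
            guard.record_failure(ip, user)
    return reached


# Constructed attack traffic: 60 addresses, two guesses each, one account.
STUFFING = [(f"203.0.113.{i}", "admin") for i in range(1, 61) for _ in range(2)]
# Constructed password spray: one address, 30 accounts, one guess each.
SPRAY = [("198.51.100.9", f"user{i}") for i in range(30)]


if __name__ == "__main__":
    ip_only = LoginGuard(ip_limit=100, account_limit=float("inf"))
    both = LoginGuard(ip_limit=100, account_limit=5)
    print("stuffing, IP limit only :", run_attack(ip_only, STUFFING))
    print("stuffing, IP + account  :", run_attack(both, STUFFING))
    print("spray, IP + account     :", run_attack(LoginGuard(ip_limit=10), SPRAY))
```

The per-account budget is a sliding window rather than a hard lockout so that an attacker cannot lock a known user out indefinitely by spamming failures; in production the same counter usually also triggers a CAPTCHA or step-up check rather than a bare refusal, and the IP counter stays in place because it is what catches a single-source password spray.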
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.

Malicious code in signon-react-data-grid (npm)

The package signon-react-data-grid was found to contain malicious code...

AI score 7
Exploits 0
OSV
added 2025/08/14 6:52 p.m.

MAL-2025-33240 Malicious code in signon-react-data-grid (npm)

The package signon-react-data-grid was found to contain malicious code...

AI score 7.2
Exploits 0
Cvelist
added 2025/08/14 3:06 p.m.

CVE-2025-40758

A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible, all versions before V4.0.3), Mendix SAML (Mendix 10.21 compatible, all versions before V4.1.2), and Mendix SAML (Mendix 9.24 compatible, all versions before V3.6.21). Affected versions of the module insufficiently enforce signature validation and binding...

CVSS 8.7 · EPSS 0.00221
Exploits 0 · References 1
Vulnrichment
added 2025/08/14 3:06 p.m.

CVE-2025-40758

A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible, all versions before V4.0.3), Mendix SAML (Mendix 10.21 compatible, all versions before V4.1.2), and Mendix SAML (Mendix 9.24 compatible, all versions before V3.6.21). Affected versions of the module insufficiently enforce signature validation and binding...

CVSS 8.7 · AI score 7.2 · EPSS 0.00221
Exploits 0 · References 1
OSV
added 2025/03/12 9:15 p.m.

DEBIAN-CVE-2025-25292

ruby-saml provides Security Assertion Markup Language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the two parsers can generate entirely...

CVSS 9.8 · AI score 7.8 · EPSS 0.63792
Exploits 1 · References 1
BDU FSTEC
added 2024/07/24 12:00 a.m.

A vulnerability in the SAML single-sign-on module of Keycloak, identity and access management software, allows an attacker to perform XSS attacks.

The vulnerability in the SAML single-sign-on module of Keycloak, identity and access management software, exists because the structure of a web page is not protected. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks remotely...

CVSS 6.8 · AI score 6.1 · EPSS 0.00711
Exploits 0 · References 9 · Affected software 9
OSV
added 2023/06/22 7:15 p.m.

CVE-2023-34923

XML Signature Wrapping (XSW) in the SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation...

CVSS 8.1 · AI score 5.8 · EPSS 0.00741
Exploits 1 · References 2
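The TOPdesk entry names XML Signature Wrapping: the signature over one Assertion verifies, but the service provider takes the identity from a different, unsigned Assertion placed in the same Response. The Python below is an added illustration, not TOPdesk's, Mendix's or ruby-saml's code. It stands an HMAC in for XML-DSig, builds a Response carrying a detached signature whose Reference URI names the Assertion ID, and contrasts a service provider that trusts the first Assertion it finds with one that only reads the element the verified signature covers. That "consume only what was verified" rule is also what the Mendix signature-validation entry and the ruby-saml parser-differential entry above come down to. Element names follow SAML 2.0 and XML-DSig; the key, IDs and user names are constructed.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
DS = "http://www.w3.org/2000/09/xmldsig#"
for _prefix, _uri in (("saml", SAML), ("samlp", SAMLP), ("ds", DS)):
    ET.register_namespace(_prefix, _uri)

# Constructed stand-in for the IdP signing key. Real SAML uses XML-DSig with an
# asymmetric key over a canonicalised element; an HMAC keeps this self-contained.
IDP_KEY = b"constructed-idp-signing-key"


def canon(elem):
    """C14N 2.0 bytes of one element; signer and verifier both go through this."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()


def mac(elem):
    return hmac.new(IDP_KEY, canon(elem), hashlib.sha256).hexdigest()


def assertion_xml(aid, name_id):
    return (f'<saml:Assertion xmlns:saml="{SAML}" ID="{aid}">'
            f'<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>'
            f'</saml:Assertion>')


def idp_response(aid, name_id):
    """IdP side: one Assertion plus a detached signature referencing its ID."""
    a = assertion_xml(aid, name_id)
    sig = mac(ET.fromstring(a))
    return (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" xmlns:ds="{DS}">'
            f'<ds:Signature><ds:SignedInfo><ds:Reference URI="#{aid}"/></ds:SignedInfo>'
            f'<ds:SignatureValue>{sig}</ds:SignatureValue></ds:Signature>'
            f'{a}</samlp:Response>')


def signature_valid(root):
    """Return the element the signature covers, or None if it does not verify."""
    ref = root.find(f".//{{{DS}}}Reference")
    value = root.findtext(f".//{{{DS}}}SignatureValue")
    if ref is None or value is None:
        return None
    target_id = ref.get("URI", "").lstrip("#")
    signed = [e for e in root.iter() if e.get("ID") == target_id]
    if len(signed) != 1 or not hmac.compare_digest(mac(signed[0]), value):
        return None
    return signed[0]


def login_vulnerable(response_xml):
    """Wrapping-prone pattern: confirm that *a* signature verifies, then read
    the identity from whichever Assertion an XPath finds first."""
    root = ET.fromstring(response_xml)
    if signature_valid(root) is None:
        raise ValueError("bad signature")
    first = root.find(f".//{{{SAML}}}Assertion")
    return first.findtext(f".//{{{SAML}}}NameID")


def login_hardened(response_xml):
    """Read the identity only from the element the signature covers, and
    refuse a Response that carries more than one Assertion at all."""
    root = ET.fromstring(response_xml)
    assertions = root.findall(f".//{{{SAML}}}Assertion")
    if len(assertions) != 1:
        raise ValueError("expected exactly one Assertion")
    signed = signature_valid(root)
    if signed is None or signed is not assertions[0]:
        raise ValueError("signature does not cover the Assertion")
    return signed.findtext(f".//{{{SAML}}}NameID")


def wrap(response_xml, impersonate):
    """Attacker: keep the signed Assertion untouched and insert an unsigned one
    with a different ID ahead of it (the classic XSW layout)."""
    root = ET.fromstring(response_xml)
    evil = ET.fromstring(assertion_xml("_evil", impersonate))
    root.insert(1, evil)  # after ds:Signature, before the signed Assertion
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    legit = idp_response("_a1", "alice")
    attack = wrap(legit, "admin")
    print("vulnerable SP, wrapped response ->", login_vulnerable(attack))
    try:
        login_hardened(attack)
    except ValueError as exc:
        print("hardened SP, wrapped response   ->", exc)
```

The hardened path is deliberately strict in two independent ways: it resolves the signed element by the Reference ID instead of by position, and it rejects any Response with a second Assertion outright, so a wrapped document fails even if a parser quirk makes the ID lookup ambiguous.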
SUSE CVE
added 2023/02/15 5:46 a.m.

SUSE CVE-2012-3139

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity, related to Signon local and SSO...

CVSS 4.3 · AI score 6.7 · EPSS 0.01024
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 5:46 a.m.

SUSE CVE-2012-3222

Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect availability via unknown vectors related to Signon...

CVSS 5 · AI score 6.7 · EPSS 0.01317
Exploits 0 · References 3
ATTACKERKB
added 2022/08/03 2:00 p.m.

CVE-2022-33968

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, when an LTM monitor or APM SSO is configured on a virtual server, and NTLM challenge-response is in use, undisclosed traffic can cause a buffer over-read...

CVSS 4.9 · AI score 6.1 · EPSS 0.00445
Exploits 0 · References 2 · Affected software 1
Positive Technologies
added 2022/07/12 12:00 a.m.

PT-2022-20529 · Argo Cd · Argo Cd

Name of the vulnerable software and affected versions: Argo CD versions 2.3.0 through 2.3.5; Argo CD versions 2.4.0 through 2.4.4. Description: The issue is a cross-site scripting (XSS) bug that could allow an attacker to inject arbitrary JavaScript in the "/auth/callback" page in a victim's browser...

CVSS 6.1 · AI score 5.8 · EPSS 0.005
Exploits 0 · References 10
OSV
added 2021/07/12 2:15 p.m.

CVE-2021-26088

An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass an FSSO firewall policy and access the protected network by sending specifically crafted UDP login notification packets...

CVSS 9.6 · AI score 5.8 · EPSS 0.01031
Exploits 0 · References 1