68 matches found
WordPress plugin CoSign Single Signon 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-54973
CVE-2025-54973 describes a race condition (CWE-362) in Fortinet FortiAnalyzer. Multiple FortiAnalyzer releases are affected (versions 7.6.0–7.6.2, 7.4.0–7.4.6, 7.2.0–7.2.10, and before 7.0.13). The issue arises from improper synchronization of a shared resource, enabling an attacker to attempt to...
EUVD-2012-3117
Malware in sbrugna...
EUVD-2012-3200
Malware in sbrugna...
EUVD-2015-4871
Malware in sbrugna...
EUVD-2015-4901
Malware in sbrugna...
CVE-2025-26515
StorageGRID formerly StorageGRID Webscale versions prior to 11.8.0.15 and 11.9.0.8 without Single Sign-on enabled are susceptible to a Server-Side Request Forgery SSRF vulnerability. Successful exploit could allow an unauthenticated attacker to change the password of any Grid Manager or Tenant...
Fides has a Lack of Brute-Force Protections on Authentication Endpoints
Summary The Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to conduct credential testing attacks, such as credential stuffing or...
Malicious code in signon-react-data-grid (npm)
The package signon-react-data-grid was found to contain malicious code...
MAL-2025-33240 Malicious code in signon-react-data-grid (npm)
The package signon-react-data-grid was found to contain malicious code...
CVE-2025-40758
A vulnerability has been identified in Mendix SAML Mendix 10.12 compatible All versions V4.0.3, Mendix SAML Mendix 10.21 compatible All versions V4.1.2, Mendix SAML Mendix 9.24 compatible All versions V3.6.21. Affected versions of the module insufficiently enforce signature validation and binding...
CVE-2025-40758
A vulnerability has been identified in Mendix SAML Mendix 10.12 compatible All versions V4.0.3, Mendix SAML Mendix 10.21 compatible All versions V4.1.2, Mendix SAML Mendix 9.24 compatible All versions V3.6.21. Affected versions of the module insufficiently enforce signature validation and binding...
DEBIAN-CVE-2025-25292
ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely...
The vulnerability of the SAML single-input module in the software for managing identity verification and access control in Keycloak allows a attacker to perform XSS attacks.
The vulnerability of the SAML single-sign-on module in the software for managing identity verification and access to Keycloak exists due to the lack of security measures for the web page structure. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks remotely...
CVE-2023-34923
XML Signature Wrapping XSW in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider IP to impersonate any TOPdesk user via SAML Response manipulation...
SUSE CVE-2012-3139
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity, related to Signon local and SSO...
SUSE CVE-2012-3222
Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect availability via unknown vectors related to Signon...
CVE-2022-33968
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, when an LTM monitor or APM SSO is configured on a virtual server, and NTLM challenge-response is in use, undisclosed traffic can cause a buffer over-read...
PT-2022-20529 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions 2.3.0 through 2.3.5 Argo CD versions 2.4.0 through 2.4.4 Description: The issue is a cross-site scripting XSS bug that could allow an attacker to inject arbitrary JavaScript in the "/auth/callback" page in a victim's browser...
CVE-2021-26088
An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass a FSSO firewall policy and access the protected network via sending specifically crafted UDP login notification packets...