Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

576 matches found

NVD
NVDadded 2025/03/11 7:15 p.m.33 views

CVE-2025-27773

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

8.6CVSS0.00157EPSS
Exploits0References5
CVE
CVEadded 2025/03/11 7:4 p.m.79 views

CVE-2025-27773

CVE-2025-27773 affects the SimpleSAMLphp SAML2 library. A signature confusion attack exists in the HTTPRedirect binding where an attacker who has any signed SAMLResponse can cause the application to accept an unsigned message. This impacts versions prior to 4.17.0 and 5.0.0-alpha.20. The issue is...

8.6CVSS6.9AI score0.00157EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2025/03/11 7:4 p.m.10 views

CVE-2025-27773 SimpleSAMLphp SAML2 library has incorrect signature verification for HTTP-Redirect binding

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

8.6CVSS8.5AI score0.00157EPSS
Exploits0References4
Cvelist
Cvelistadded 2025/03/11 7:4 p.m.28 views

CVE-2025-27773 SimpleSAMLphp SAML2 library has incorrect signature verification for HTTP-Redirect binding

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

8.6CVSS0.00157EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2025/03/11 12:0 a.m.2 views

PT-2025-10892

Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp SAML2 library versions prior to 4.17.0 and 5.0.0-alpha.20 Description: The issue is related to a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can...

8.6CVSS6.2AI score0.00157EPSS
Exploits0References25
RedhatCVE
RedhatCVEadded 2025/02/05 12:21 p.m.3 views

CVE-2024-52806

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...

8.3CVSS6.6AI score0.00183EPSS
Exploits0References1
Veracode
Veracodeadded 2025/01/06 9:1 a.m.11 views

XML External Entity (XXE) Injection

simplesamlphp is vulnerable to XML External Entity XXE injection. The vulnerability is due to improper handling of untrusted XML input, which allows attackers to exploit maliciously crafted XML documents, such as SAMLResponse, to access sensitive information or perform other malicious activities...

8.3CVSS7.1AI score0.00183EPSS
Exploits0References4Affected Software5
Veracode
Veracodeadded 2024/12/11 12:29 a.m.2 views

XML External Entity

simplesamlphp/xml-common is vulnerable to XML External Entity XXE. The vulnerability is due to improper handling of untrusted XML input during document parsing, which allows an attacker to exploit external entity references to access sensitive data or perform denial-of-service attacks...

8.8CVSS5.6AI score0.00218EPSS
Exploits0References5Affected Software2
OpenVAS
OpenVASadded 2024/12/03 12:0 a.m.12 views

Debian: Security Advisory (DLA-3981-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS6.6AI score0.00218EPSS
Exploits0References2
OpenVAS
OpenVASadded 2024/12/03 12:0 a.m.9 views

Debian: Security Advisory (DSA-5822-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS6.6AI score0.00218EPSS
Exploits0References2
OSV
OSVadded 2024/12/02 8:0 p.m.8 views

GHSA-J5G2-Q29X-CW3H SimpleSAMLphp vulnerable to XXE in parsing SAML messages

Withdrawn Advisory This advisory has been withdrawn because the vulnerability affects users of the SimpleSAMLphp tarball, not the SimpleSAMLphp Composer package. The underlying information about CVE-2024-52596 is still valid. Original Description Summary When loading an untrusted XML document, fo...

8.3CVSS8AI score0.00218EPSS
Exploits0References4
OSV
OSVadded 2024/12/02 5:25 p.m.19 views

GHSA-PXM4-R5PH-Q2M2 SimpleSAMLphp SAML2 has an XXE in parsing SAML messages

Summary When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. $options is defined as: https://github.com/simplesamlphp/saml2/blob/717c0adc4877ebd58428637e5626345e59fa0109/src/SAML2/DOMDocumentFactory.phpL41 including the DTDLoad option, which allows...

8.3CVSS8AI score0.00183EPSS
Exploits0References4
OSV
OSVadded 2024/12/02 5:15 p.m.1 views

DEBIAN-CVE-2024-52596

SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0...

8.8CVSS5.3AI score0.00218EPSS
Exploits0References1
OSV
OSVadded 2024/12/02 5:15 p.m.1 views

DEBIAN-CVE-2024-52806

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...

8.3CVSS5.3AI score0.00183EPSS
Exploits0References1
NVD
NVDadded 2024/12/02 5:15 p.m.10 views

CVE-2024-52596

SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0...

8.8CVSS0.00218EPSS
Exploits0References3
OSV
OSVadded 2024/12/02 5:15 p.m.0 views

UBUNTU-CVE-2024-52596

SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0...

8.8CVSS5.8AI score0.00218EPSS
Exploits0References3
OSV
OSVadded 2024/12/02 5:15 p.m.0 views

UBUNTU-CVE-2024-52806

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...

8.3CVSS5.8AI score0.00183EPSS
Exploits0References5
Snyk
Snykadded 2024/12/02 4:42 p.m.1 views

XML External Entity (XXE) Injection

Overview simplesamlphp/simplesamlphp is a PHP implementation of a SAML 2.0 service provider and identity provider, also compatible with Shibboleth 1.3 and 2.0. Affected versions of this package are vulnerable to XML External Entity XXE Injection due to improper sanitization of XML body in the...

8.8CVSS7.6AI score0.00183EPSS
Exploits0References2
Snyk
Snykadded 2024/12/02 4:42 p.m.1 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection due to improper sanitization of XML body in the fromString function. Workaround Remove the LIBXMLDTDLOAD | LIBXMLDTDATTR options from $options Details XXE Injection is a type of attack against an...

8.8CVSS7.5AI score0.00183EPSS
Exploits0References2
Snyk
Snykadded 2024/12/02 4:42 p.m.1 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection due to improper sanitization of XML body in the fromString function. Workaround Remove the LIBXMLDTDLOAD | LIBXMLDTDATTR options from $options Details XXE Injection is a type of attack against an...

8.8CVSS7.5AI score0.00183EPSS
Exploits0References2
Rows per page
Query Builder