lasso: Type confusion in Entr'ouvert Lasso

A type confusion vulnerability exists in the lassonodeimplinitfromxml functionality of Entr'ouvert Lasso 2.8.2 and prior. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

Critical: lasso

Issue Overview: A denial of service vulnerability exists in the lassoproviderverifysamlsignature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability. CVE-2025-4640...

UBUNTU-CVE-2025-47151

A type confusion vulnerability exists in the lassonodeimplinitfromxml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

PT-2025-45108

Name of the Vulnerable Software and Affected Versions Entr’ouvert Lasso versions 2.5.1 and 2.8.2 Description A denial of service issue exists in the g assert not reached functionality. A specially crafted SAML assertion response can cause a denial of service. An attacker can trigger this by sendi...

Entrouvert Lasso 安全漏洞

Entrouvert Lasso is a single sign-on protocol implementation library open-sourced by Entrouvert France. A security vulnerability exists in Entrouvert Lasso versions 2.5.1 and 2.8.2, which stems from a flaw in the gassertnotreached function that could lead to a denial of service attack...

Rancher 日志信息泄露漏洞

Rancher is an open source container management platform from Rancher Open Source in the United States, built for organizations that deploy containers in production environments. A log information disclosure vulnerability exists in Rancher versions prior to 2.6.14, prior to 2.7.10, and prior to...

WordPress plugin TI WooCommerce Wishlist SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

VulnCheck KEV: CVE-2024-43917

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2...

PT-2023-17692 · Harbor · Harbor

Name of the Vulnerable Software and Affected Versions: Harbor versions 2.6.x and earlier Harbor versions 2.7.2 and earlier Harbor versions 2.8.2 and earlier Harbor versions 1.10.17 and earlier Description: A timing condition in Harbor allows an attacker with network access to create jobs, stop jo...

Discourse 信息泄露漏洞

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. Discourse is vulnerable to an information disclosure vulnerability that originates in the "stable" branch of version 2.8.2 and earlier, the "beta" branch of version 2.9.0.bet...