Apereo CAS Cross-Site Scripting

Apereo CAS through 6.4.1 allows cross-site scripting via POST requests sent to the REST API endpoints. id: CVE-2021-42567 info: name: Apereo CAS Cross-Site Scripting author: pdteam severity: medium description: Apereo CAS through 6.4.1 allows cross-site scripting via POST requests sent to the RES...

Unity Linux 20.1060e / 20.1070e Security Update: cryptacular (UTSA-2026-016656)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016656 advisory. CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode...

org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC2), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC2) +3 more potentially affected by CVE-2026-22739 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0-M1 <=5.0.1)

org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0-M1, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-22739 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-15762281...

EUVD-2015-1311

Malware in sbrugna...

EUVD-2018-0798

Malware in sbrugna...

EUVD-2021-1832

Malware in sbrugna...

EUVD-2025-12426

Malicious code in bioql PyPI...

EUVD-2024-2624

Malicious code in bioql PyPI...

EUVD-2025-12431

Malicious code in bioql PyPI...

EUVD-2025-12427

Malicious code in bioql PyPI...

EUVD-2024-33684

Malicious code in bioql PyPI...

EUVD-2024-33685

Malicious code in bioql PyPI...

EUVD-2023-54465

Malicious code in bioql PyPI...

EUVD-2024-33686

Malicious code in bioql PyPI...

EUVD-2022-3859

Malicious code in bioql PyPI...

CVE-2024-11208

A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitati...

CVE-2024-11207

A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirecturi leads to open redirect. The attack can be launched remotely. The exploit has been disclosed t...

CVE-2024-11209

A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVE-2023-28857

Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “sslclientcert”. When checking the validity o...

CVE-2021-42567

Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints...