Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/02/14 1:27 a.m.7 views

CVE-2026-25922

authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when using a SAML Source that has the option Verify Assertion Signature under Verification Certificate enabled and not Verify Response Signature, or does not have the Encryption Certificate setting under...

8.8CVSS5.5AI score0.00226EPSS
Exploits0References1
CVE
CVE
added 2025/11/05 2:56 p.m.39 views

CVE-2025-46404

CVE-2025-46404 affects the lasso library’s SAML handling (lasso_provider_verify_saml_signature) and can cause denial of service via malformed SAML inputs. Connected advisories confirm multiple distributions issuing fixes: Debian DLA-4397-1 fixes lasso to 2.6.1-3+deb11u1; openSUSE openSUSE-SU-2025...

7.5CVSS6.5AI score0.0046EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-31051

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00545EPSS
Exploits0References1
Veracode
Veracode
added 2022/07/26 3:27 a.m.23 views

Authorization Bypass

drupal7 is vulnerable to authorization bypass. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signature - impersonating existing users and existing roles, including administrative users/roles...

9.8CVSS8.5AI score0.00545EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2022/06/03 6:15 p.m.27 views

Authorization

Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signatur...

6.5CVSS8.8AI score0.00545EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2022/06/03 4:0 p.m.78 views

CVE-2022-26493

Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signatur...

9.8CVSS8.9AI score0.00545EPSS
Exploits0
Rows per page
Query Builder