282 matches found
CVE-2026-9093 CVE-2026-9093
In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/samlsp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects...
CVE-2026-9093
In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/samlsp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects...
EUVD-2026-32945
In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/samlsp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects...
CVE-2026-9090
Casdoor versions 2.362.0 and earlier contain a vulnerability that allows an attacker to bypass authentication by supplying an arbitrary signing certificate. The buildSpCertificateStore function extracts the X.509 certificate directly from the incoming SAMLResponse instead of using the trusted...
Casdoor 安全漏洞
Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor 2.362.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the SAML service provider’s failure to validate the...
Casdoor 安全漏洞
Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained a security vulnerability. This vulnerability stemmed from the lack of enforcement of SAML assertion time ranges. The gosaml2...
NPM: samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions
NPM: samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions vulnerability discovered by ? in WordPress Npm samlify versions 2.13.0...
GHSA-34R5-Q4JW-R36M samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions
Summary samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elements inside the signed assertion. The IdP then signs the tampered asserti...
Astra Linux - уязвимость в firefox
Context-specific code was included in a shared jump table, resulting in assertions being triggered in multithreaded Wasm code. This vulnerability affects Firefox versions earlier than 86...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netsched: skbprio: Removal of overly strict queue assertions. In the current implementation, the skbprio enqueue/dequeue operations contain assertions that fail under certain conditions when SKBPRIO is used as a child qdisc under...
Kyverno 安全漏洞
Kyverno is an open-source policy engine designed for Kubernetes by Kyverno developers. Versions of Kyverno prior to 1.17.2 and 1.16.4 contained security vulnerabilities. These vulnerabilities stemmed from unchecked type assertions in the forEach mutation processor, allowing any user with permissi...
CVE-2026-22734
Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed no...
FastGPT 安全漏洞
FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.14.9.5 contained a security vulnerability. This vulnerability stemmed from the use of TypeScript type assertions in password-based login endpoints...
Cloud Foundry cf-deployment和Cloud Foundry UUA 安全漏洞
Cloud Foundry cf-deployment and Cloud Foundry UUA are both products of the American Cloud Foundry Foundation. Cloud Foundry cf-deployment is a Cloud Foundry deployment tool. Cloud Foundry UUA is an identity authentication and authorization management service. There are security vulnerabilities in...
CVE-2026-22734
The CVE-2026-22734 issue concerns a SAML 2.0 signature/encryption bypass in Cloud Foundry UUA/UAA. Affected software includes Cloud Foundry UUA from v77.30.0 to v78.7.0 and CF Deployment from v48.7.0 to v54.14.0, where UAA accepts unsigned/unencrypted SAML 2.0 bearer assertions, enabling an attac...
CVE-2026-22734 Cloud Foundry UAA SAML 2.0 Signature Bypass
Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed no...
CVE-2026-22734 Cloud Foundry UAA SAML 2.0 Signature Bypass
Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed no...
Malicious code in package-with-import-assertions (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 607b154dcfd87f209bf01efe33fdd864fe77432b9c7a246b4520d137236afe1c The package package-with-import-assertions was found to contain malicious code...
MAL-2026-2790 Malicious code in package-with-import-assertions (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 607b154dcfd87f209bf01efe33fdd864fe77432b9c7a246b4520d137236afe1c The package package-with-import-assertions was found to contain malicious code...
PT-2026-33375
Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed no...