
6 matches found

GitHub Security Blog
added 2025/07/28 8:38 p.m., 4 views

Node-SAML SAML Signature Verification Vulnerability

Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any...

CVSS: 10, AI score: 6.3, EPSS: 0.00137
Exploits: 0, References: 5, Affected Software: 3
Positive Technologies
added 2025/07/28 12:0 a.m., 3 views

PT-2025-31149

Name of the Vulnerable Software and Affected Versions: Node-SAML versions 5.0.1 and below Description: Node-SAML improperly loads the assertion from the unsigned original response document, differing from the parts verified during signature checking. This allows modification of authentication...

CVSS: 10, AI score: 6.5, EPSS: 0.00137
Exploits: 0, References: 15
CNNVD
added 2025/07/24 12:0 a.m., 3 views

node-saml data forgery vulnerability

node-saml is a SAML library that does not depend on any framework running in Node.js. A data forgery issue vulnerability exists in Node-SAML 5.0.1 and prior versions, which stems from an unvalidated assertion document that could result in modifying authentication details in SAML assertions...

CVSS: 9.3, AI score: 6.7, EPSS: 0.00046
Exploits: 0, References: 4
Positive Technologies
added 2025/07/08 12:0 a.m., 1 views

PT-2025-28345 · Phoenix Contact · Charx Sec-3000 +7

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An unauthenticated adjacent attacker can modify configuration by sending specific requests to an "API-endpoint" resulting in read and write access due to missing authentication...

CVSS: 8.8, AI score: 6.1, EPSS: 0.00087
Exploits: 0, References: 11
CNVD
added 2020/04/15 12:0 a.m., 1 views

SSRF Vulnerability in Kong API Gateway Admin Rest API

Kong API Gateway is one of the most popular cloud-native API gateways, with two branches, open source and enterprise, which is widely used as API access middleware for cloud-native, microservice, and service-less cloud function scenarios, providing cloud-native applications with authentication,...

AI score: 6.9
Exploits: 0
Exploit DB
added 2002/07/29 12:0 a.m., 57 views

Ben Chivers Easy Homepage Creator 1.0 - File Modification

source: https://www.securityfocus.com/bid/5340/info The vulnerability has been reported for Easy Homepage Creator. It is possible for an attacker to modify any user's home page. The vulnerability is the result of Homepage Creator failing to properly authenticate users who wish to edit home pages...

AI score: 7.4
Exploits: 0