ATTACKERKB (added last week, 6 views)

CVE-2026-9098

In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnRequest previously issued by Casdoor. Additionally, if an administrator disables or deletes an IdP...

AI score: 5.8, EPSS: 0.00024
Exploits: 0, References: 2

Positive Technologies (added 2026/05/28 12:00 a.m., 8 views)

PT-2026-44427

In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnRequest previously issued by Casdoor. Additionally, if an administrator disables or deletes an IdP...

AI score: 5.8, EPSS: 0.00024
Exploits: 0, References: 2

ATTACKERKB (added 2026/05/07 3:00 a.m., 3 views)

CVE-2026-41670

Admidio is an open-source user management solution. Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the...

CVSS: 8.2, AI score: 5.9, EPSS: 0.00018
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment (added 2026/05/07 3:00 a.m., 2 views)

CVE-2026-41670 Admidio: SAML Response Sent to Unvalidated Assertion Consumer Service URL from AuthnRequest

Admidio is an open-source user management solution. Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the...

CVSS: 8.2, AI score: 5.9, EPSS: 0.00018
Exploits: 0, References: 2

CVE (added 2026/05/07 3:00 a.m., 3 views)

CVE-2026-41670

Admidio before 5.0.9 permits an attacker who knows a registered SP’s Entity ID to craft a SAML AuthnRequest with an attacker-controlled AssertionConsumerServiceURL, causing the IdP to send a signed SAML response containing user attributes to the attacker’s URL. The root cause is that ACS URL is t...

CVSS: 8.2, AI score: 5.9, EPSS: 0.00018
Exploits: 0, References: 2

Github Security Blog (added 2026/04/29 9:57 p.m., 3 views)

Admidio Sends SAML Response to Unvalidated Assertion Consumer Service URL from AuthnRequest

Summary The SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the registered ACS URL smcacsurl stored in the database for the...

CVSS: 8.2, AI score: 6, EPSS: 0.00018
Exploits: 0, References: 4, Affected Software: 1

EUVD (added 2026/04/14 10:31 p.m., 0 views)

EUVD-2026-22761

OAuth2 Proxy's Health Check User-Agent Matching Bypasses Authentication in auth_request Mode...

CVSS: 9.1, AI score: 5.8, EPSS: 0.00053
Exploits: 0, References: 2

Vulnrichment (added 2026/04/14 10:14 p.m., 0 views)

CVE-2026-34457 OAuth2 Proxy: Health Check User-Agent Matching Bypasses Authentication in auth_request Mode

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an auth_request-style integration such as nginx auth_request and either...

CVSS: 9.1, AI score: 5.8, EPSS: 0.00053
Exploits: 0, References: 2

Positive Technologies (added 2026/04/14 12:00 a.m., 0 views)

PT-2026-32955

Name of the Vulnerable Software and Affected Versions OAuth2 Proxy versions prior to 7.15.2 Description A configuration-dependent authentication bypass exists in deployments using auth request-style integration, such as nginx auth request. The issue occurs when either the --ping-user-agent variab...

CVSS: 9.1, AI score: 5.8, EPSS: 0.00053
Exploits: 0, References: 14

EUVD (added 2026/03/16 3:30 p.m., 1 view)

EUVD-2026-12168

Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Unraid. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS: 7.3, AI score: 5.9, EPSS: 0.00824
Exploits: 0, References: 2

CVE (added 2026/03/13 8:38 p.m., 7 views)

CVE-2026-3839

CVE-2026-3839 affects Unraid installations and concerns a path traversal/authentication bypass in the auth-request.php component. The root cause, per Red Hat/NVD/NVD-derived descriptions, is insufficient validation of a user-supplied path prior to its use in authentication, enabling an unauthenti...

CVSS: 7.3, AI score: 7.3, EPSS: 0.00824
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment (added 2026/03/13 8:38 p.m., 0 views)

CVE-2026-3839 Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability

Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Unraid. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS: 7.3, AI score: 7.3, EPSS: 0.00824
Exploits: 0, References: 1

Zero Day Initiative (added 2026/03/09 12:00 a.m., 0 views)

Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Unraid. Authentication is not required to exploit this vulnerability. The specific flaw exists within the auth-request.php file. The issue results from the lack of proper validation of a user-supplied...

CVSS: 7.3, AI score: 5.8, EPSS: 0.00824
Exploits: 0

SUSE CVE (added 2025/11/21 12:23 a.m., 1 view)

SUSE CVE-2025-58181

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...

CVSS: 5.3, AI score: 7.1, EPSS: 0.00046
Exploits: 0, References: 20

Positive Technologies (added 2025/11/18 12:00 a.m., 5 views)

PT-2025-47414

Name of the Vulnerable Software and Affected Versions Emby Server versions prior to 4.8.1.0 Emby Server versions prior to 4.9.0.0-beta Description Emby Server is a personal media server. A malicious user can send an authentication request with a manipulated X-Emby-Client value. This value is adde...

CVSS: 8.4, AI score: 6.7, EPSS: 0.00066
Exploits: 1, References: 3

EUVD (added 2025/10/07 12:30 a.m., 2 views)

EUVD-2009-0152

Malware in sbrugna...

CVSS: 4.3, AI score: 6.1, EPSS: 0.00708
Exploits: 1, References: 10

EUVD (added 2025/10/07 12:30 a.m., 0 views)

EUVD-1999-1030

Malware in sbrugna...

CVSS: 10, AI score: 6.4, EPSS: 0.00456
Exploits: 0, References: 2

EUVD (added 2025/10/07 12:30 a.m., 1 view)

EUVD-2020-12383

Malware in sbrugna...

CVSS: 8.8, AI score: 7.8, EPSS: 0.06777
Exploits: 0, References: 3

EUVD (added 2025/10/07 12:30 a.m., 1 view)

EUVD-2002-1267

Malware in sbrugna...

CVSS: 5, AI score: 6.4, EPSS: 0.00371
Exploits: 0, References: 5

EUVD (added 2025/10/07 12:30 a.m., 1 view)

EUVD-2013-0722

Malware in sbrugna...

CVSS: 7.8, AI score: 6.3, EPSS: 0.0186
Exploits: 0, References: 5