CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

95 matches found

Github Security Blog•added 2026/05/27 9:11 p.m.•10 views

Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay

Cas2Handler builds this service parameter from Request::getSchemeAndHttpHost, which reflects the attacker-controlled HTTP Host header whenever Symfony's framework.trustedhosts setting is not configured the default. An attacker who controls any other application registered with the same CAS server...

5.8AI score

Exploits0References6Affected Software2

RedhatCVE•added 2026/02/06 1:26 a.m.•2 views

CVE-2026-1554

XML Injection aka Blind XPath Injection vulnerability in Drupal Central Authentication System CAS Server allows Privilege Escalation.This issue affects Central Authentication System CAS Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2...

4.2CVSS5.4AI score0.00049EPSS

Exploits0References1

NVD•added 2026/02/04 9:15 p.m.•3 views

CVE-2026-1554

4.2CVSS0.00049EPSS

Exploits0References1

Vulnrichment•added 2026/02/04 8:26 p.m.•4 views

CVE-2026-1554 Central Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007

5.4AI score0.00049EPSS

Exploits0References1

EUVD•added 2026/02/04 8:26 p.m.•3 views

EUVD-2026-5352

4.2CVSS5.4AI score0.00049EPSS

Exploits0References1

Cvelist•added 2026/02/04 8:26 p.m.•23 views

CVE-2026-1554 Central Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007

0.00049EPSS

Exploits0References1

CVE•added 2026/02/04 8:26 p.m.•5 views

CVE-2026-1554

CVE-2026-1554 is an XML Injection (Blind XPath Injection) vulnerability in Drupal Central Authentication System (CAS) Server. The issue affects CAS Server on Drupal and is triggered by insufficient sanitization of XML data used as CAS attributes, enabling privilege escalation. Public details indi...

4.2CVSS5.4AI score0.00049EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/02/04 8:26 p.m.•2 views

CVE-2026-1554

5.4AI score0.00049EPSS

Exploits0References2Affected Software1

CNNVD•added 2026/02/04 12:0 a.m.•4 views

Drupal Central Authentication System Server 安全漏洞

The Drupal Central Authentication System Server is a CAS authentication center module developed by the Drupal company. Versions prior to 2.0.3 and 2.1.2 of the Drupal Central Authentication System Server had security vulnerabilities. These vulnerabilities were caused by XML injection, which could...

4.2CVSS5.8AI score0.00049EPSS

Exploits0References1

OSV•added 2026/01/28 5:29 p.m.•4 views

DRUPAL-CONTRIB-2026-007

This module enables you to turn a Drupal install into the Central Authentication System CAS. It makes your database the primary location for other systems to use for authentication in a SSO environment. The module doesn't sufficiently sanitize user-supplied field values configured to be included ...

4.2CVSS5.9AI score0.00049EPSS

Exploits0References1

Positive Technologies•added 2026/01/28 12:0 a.m.•3 views

PT-2026-5243

Name of the Vulnerable Software and Affected Versions Drupal Central Authentication System CAS Server versions prior to 2.0.3 Drupal Central Authentication System CAS Server versions 2.1.0 through 2.1.1 Description The Central Authentication System CAS Server module for Drupal does not adequately...

4.2CVSS5.7AI score0.00049EPSS

Exploits0References8

Drupal•added 2026/01/28 12:0 a.m.•7 views

Central Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007

4.2CVSS5.6AI score0.00049EPSS

Exploits0References1

RedhatCVE•added 2025/10/28 11:54 a.m.•1 views

CVE-2025-12266

A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function empty of the file /index.php/auth/widget. Performing manipulation of the argument get.layer/get.widget/get.action results in code injection. The...

6.5CVSS6.8AI score0.0005EPSS

Exploits0References1

EUVD•added 2025/10/27 12:32 p.m.•2 views

EUVD-2025-36162

6.5CVSS6.4AI score0.0005EPSS

Exploits0References5

NVD•added 2025/10/27 11:15 a.m.•2 views

CVE-2025-12266

6.5CVSS0.0005EPSS

Exploits0References4

Cvelist•added 2025/10/27 11:2 a.m.•7 views

CVE-2025-12266 Zytec Dalian Zhuoyun Technology Central Authentication Service widget _empty code injection

6.5CVSS0.0005EPSS

Exploits0References4

Vulnrichment•added 2025/10/27 11:2 a.m.•2 views

CVE-2025-12266 Zytec Dalian Zhuoyun Technology Central Authentication Service widget _empty code injection

6.5CVSS6.4AI score0.0005EPSS

Exploits0References4

CVE•added 2025/10/27 11:2 a.m.•5 views

CVE-2025-12266

CVE-2025-12266 affects Zytec Dalian Zhuoyun Technology Central Authentication Service. The vulnerability is in the function _empty of /index.php/auth/widget; manipulation of the parameters get.layer, get.widget, and get.action can trigger remote code injection. The exploit is public and can be us...

6.5CVSS6.6AI score0.0005EPSS

Exploits0References4

CNNVD•added 2025/10/27 12:0 a.m.•2 views

Zytec Central Authentication Service 代码注入漏洞

Zytec Central Authentication Service is a centralized authentication service from China's Zhuo Yun Zytec Company. A code injection vulnerability exists in Zytec Central Authentication Service 20251009 and earlier versions, which stems from incorrect manipulation of the parameters get.layer,...

6.5CVSS7AI score0.0005EPSS

Exploits0References4

RedHat Linux•added 2025/10/09 8:4 a.m.•2 views

Important: Red Hat Security Advisory: idm:DL1 security update

An update for the idm:DL1 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.1CVSS7.6AI score0.00112EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by