CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

97 matches found

CVE-2026-48895

CVE-2026-48895 describes an open redirect in Apache APISIX (affected versions 3.0.0–3.16.0). The issue allows manipulation of certain client headers to redirect to an untrusted site, with potential exposure of session tokens. The advisory recommends upgrading to version 3.17.0, which contains the...

7.2CVSS5.8AI score0.00298EPSS

Exploits0References2Affected Software1

EUVD•added 2026/06/09 11:0 p.m.•8 views

EUVD-2026-35871

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controll...

8.6CVSS5.5AI score0.00422EPSS

Exploits0References3

Github Security Blog•added 2026/05/27 9:11 p.m.•16 views

Symfony's Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay

Cas2Handler builds this service parameter from Request::getSchemeAndHttpHost, which reflects the attacker-controlled HTTP Host header whenever Symfony's framework.trustedhosts setting is not configured the default. An attacker who controls any other application registered with the same CAS server...

5.8AI score0.00064EPSS

Exploits0References6Affected Software2

RedhatCVE•added 2026/02/06 1:26 a.m.•4 views

CVE-2026-1554

XML Injection aka Blind XPath Injection vulnerability in Drupal Central Authentication System CAS Server allows Privilege Escalation.This issue affects Central Authentication System CAS Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2...

4.2CVSS5.4AI score0.00152EPSS

Exploits0References1

NVD•added 2026/02/04 9:15 p.m.•6 views

CVE-2026-1554

4.2CVSS0.00152EPSS

Exploits0References1

Cvelist•added 2026/02/04 8:26 p.m.•27 views

CVE-2026-1554 Central Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007

0.00152EPSS

Exploits0References1

ATTACKERKB•added 2026/02/04 8:26 p.m.•4 views

CVE-2026-1554

5.4AI score0.00152EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/02/04 8:26 p.m.•4 views

CVE-2026-1554 Central Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007

5.4AI score0.00152EPSS

Exploits0References1

EUVD•added 2026/02/04 8:26 p.m.•6 views

EUVD-2026-5352

4.2CVSS5.4AI score0.00152EPSS

Exploits0References1

CVE•added 2026/02/04 8:26 p.m.•10 views

CVE-2026-1554

CVE-2026-1554 is an XML Injection (Blind XPath Injection) vulnerability in Drupal Central Authentication System (CAS) Server. The issue affects CAS Server on Drupal and is triggered by insufficient sanitization of XML data used as CAS attributes, enabling privilege escalation. Public details indi...

4.2CVSS5.4AI score0.00152EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/02/04 12:0 a.m.•5 views

Drupal Central Authentication System Server 安全漏洞

The Drupal Central Authentication System Server is a CAS authentication center module developed by the Drupal company. Versions prior to 2.0.3 and 2.1.2 of the Drupal Central Authentication System Server had security vulnerabilities. These vulnerabilities were caused by XML injection, which could...

4.2CVSS5.8AI score0.00152EPSS

Exploits0References1

OSV•added 2026/01/28 5:29 p.m.•4 views

DRUPAL-CONTRIB-2026-007

This module enables you to turn a Drupal install into the Central Authentication System CAS. It makes your database the primary location for other systems to use for authentication in a SSO environment. The module doesn't sufficiently sanitize user-supplied field values configured to be included ...

4.2CVSS5.9AI score0.00152EPSS

Exploits0References1

Drupal•added 2026/01/28 12:0 a.m.•12 views

Central Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007

4.2CVSS5.6AI score0.00152EPSS

Exploits0References1

Positive Technologies•added 2026/01/28 12:0 a.m.•6 views

PT-2026-5243

Name of the Vulnerable Software and Affected Versions Drupal Central Authentication System CAS Server versions prior to 2.0.3 Drupal Central Authentication System CAS Server versions 2.1.0 through 2.1.1 Description The Central Authentication System CAS Server module for Drupal does not adequately...

4.2CVSS5.7AI score0.00152EPSS

Exploits0References8

RedhatCVE•added 2025/10/28 11:54 a.m.•3 views

CVE-2025-12266

A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function empty of the file /index.php/auth/widget. Performing manipulation of the argument get.layer/get.widget/get.action results in code injection. The...

6.5CVSS6.8AI score0.00313EPSS

Exploits0References1

EUVD•added 2025/10/27 12:32 p.m.•5 views

EUVD-2025-36162

6.5CVSS6.4AI score0.00313EPSS

Exploits0References5

NVD•added 2025/10/27 11:15 a.m.•3 views

CVE-2025-12266

6.5CVSS0.00313EPSS

Exploits0References4

Cvelist•added 2025/10/27 11:2 a.m.•11 views

CVE-2025-12266 Zytec Dalian Zhuoyun Technology Central Authentication Service widget _empty code injection

6.5CVSS0.00313EPSS

Exploits0References4

Vulnrichment•added 2025/10/27 11:2 a.m.•2 views

CVE-2025-12266 Zytec Dalian Zhuoyun Technology Central Authentication Service widget _empty code injection

6.5CVSS6.4AI score0.00313EPSS

Exploits0References4

CVE•added 2025/10/27 11:2 a.m.•9 views

CVE-2025-12266

CVE-2025-12266 affects Zytec Dalian Zhuoyun Technology Central Authentication Service. The vulnerability is in the function _empty of /index.php/auth/widget; manipulation of the parameters get.layer, get.widget, and get.action can trigger remote code injection. The exploit is public and can be us...

6.5CVSS6.6AI score0.00313EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by