
17 matches found

EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2022-4881

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 8.1 | EPSS 0.00308
Exploits: 0 | References: 3

NVD
added 2025/09/06 4:16 a.m. | 1 view

CVE-2025-7045

The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the deleteconfig action of the cssohandleactions function in all versions up to, and including, 1.0.19. This makes it possible for unauthenticated attackers to delete any...

CVSS 6.5 | EPSS 0.00436
Exploits: 0 | References: 6

NVD
added 2025/09/06 4:16 a.m. | 3 views

CVE-2025-7040

The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setorganizationsettings' action of the cssohandleactions function in all versions up to, and including, 1.0.19. The handler reads client-supplied POST parameters fo...

CVSS 8.2 | EPSS 0.00192
Exploits: 0 | References: 7

Cvelist
added 2025/09/06 3:22 a.m. | 6 views

CVE-2025-7040 Cloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Settings Modification via set_organization_settings Action

The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setorganizationsettings' action of the cssohandleactions function in all versions up to, and including, 1.0.19. The handler reads client-supplied POST parameters fo...

CVSS 8.2 | EPSS 0.00192
Exploits: 0 | References: 7

Vulnrichment
added 2025/09/06 3:22 a.m. | 2 views

CVE-2025-7045 Cloud SAML SSO <= 1.0.19 - Missing Authorization to Unauthenticated Identity Provider Deletion via delete_config Action

The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the deleteconfig action of the cssohandleactions function in all versions up to, and including, 1.0.19. This makes it possible for unauthenticated attackers to delete any...

CVSS 6.5 | AI score 5.2 | EPSS 0.00436
Exploits: 0 | References: 6

Positive Technologies
added 2025/09/06 12:0 a.m. | 2 views

PT-2025-36357

Name of the Vulnerable Software and Affected Versions: Cloud SAML SSO plugin for WordPress versions up to and including 1.0.19 Description: The Cloud SAML SSO plugin for WordPress is susceptible to Identity Provider Deletion. A missing capability check on the delete config action within the csso...

CVSS 6.5 | AI score 6 | EPSS 0.00436
Exploits: 0 | References: 11

Github Security Blog
added 2022/05/13 1:7 a.m. | 17 views

Issuer validation regression in Spring Cloud SSO Connector

Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of...

CVSS 8.1 | AI score 6.8 | EPSS 0.00308
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2018/05/07 4:22 p.m. | 15 views

Input validation

Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of...

CVSS 6.8 | AI score 7.9 | EPSS 0.00308
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2018/05/07 4:22 p.m. | 12 views

CVE-2018-1256

Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of...

CVSS 8.1 | AI score 8 | EPSS 0.00308
Exploits: 0 | References: 1

OSV
added 2018/05/07 4:22 p.m. | 16 views

CVE-2018-1256

Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of...

CVSS 8.1 | AI score 8.2 | EPSS 0.00308
Exploits: 0 | References: 1

Cvelist
added 2018/05/07 3:0 p.m. | 12 views

CVE-2018-1256

Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of...

AI score 8 | EPSS 0.00308
Exploits: 0 | References: 1

Packet Storm
added 2017/02/20 12:0 a.m. | 46 views

Telekom Cloud SSO Cross Site Scripting

Document Title: =============== Telekom Cloud SSO - Multiple Persistent XSS Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2021 Incident ID: 20161205FKr02 Vulnerability Magazine:...

AI score 7.4
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

McAfee Asset Manager 6.6 - Multiple Vulnerabilities

No description provided by source. Cloud SSO is vuln to unauthed XSS in the authentication audit form: https://twitter.com/BrandonPrry/status/445969380656943104 McAfee Asset Manager v6.6 multiple vulnerabilities http://www.mcafee.com/us/products/asset-manager.aspx Authenticated arbitrary file rea...

AI score 7.1
Exploits: 0

NVD
added 2014/03/24 4:38 p.m. | 10 views

CVE-2014-2586

Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password...

CVSS 4.3 | AI score 5.6 | EPSS 0.08642
Exploits: 2 | References: 5

exploitpack
added 2014/03/19 12:0 a.m. | 16 views

McAfee Asset Manager 6.6 - Multiple Vulnerabilities

McAfee Asset Manager 6.6 - Multiple Vulnerabilities Cloud SSO is vuln to unauthed XSS in the authentication audit form: https://twitter.com/BrandonPrry/status/445969380656943104 McAfee Asset Manager v6.6 multiple vulnerabilities http://www.mcafee.com/us/products/asset-manager.aspx Authenticated...

AI score 0.1
Exploits: 0

0day.today
added 2014/03/19 12:0 a.m. | 20 views

McAfee Asset Manager 6.6 - Multiple Vulnerabilities

Exploit for jsp platform in category web applications Cloud SSO is vuln to unauthed XSS in the authentication audit form: https://twitter.com/BrandonPrry/status/445969380656943104 McAfee Asset Manager v6.6 multiple vulnerabilities http://www.mcafee.com/us/products/asset-manager.aspx Authenticated...

AI score 7.1
Exploits: 0

Packet Storm
added 2014/03/18 12:0 a.m. | 20 views

McAfee Cloud SSO / Asset Manager Issues

Cloud SSO is vuln to unauthed XSS in the authentication audit form: https://twitter.com/BrandonPrry/status/445969380656943104 McAfee Asset Manager v6.6 multiple vulnerabilities http://www.mcafee.com/us/products/asset-manager.aspx Authenticated arbitrary file read An...

AI score 7.4
Exploits: 0