Lucene search
+L

8 matches found

OpenVAS
OpenVAS
added 2025/04/07 12:0 a.m.11 views

Debian: Security Advisory (DLA-4115-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.63792EPSS
Exploits3References2
The Hacker News
The Hacker News
added 2025/03/13 12:26 p.m.36 views

GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks

Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language SAML authentication protections. SAML is an XML-based markup language and open-standard used for exchanging authentication and...

8.8CVSS9.7AI score0.63792EPSS
Exploits6
NVD
NVD
added 2025/03/12 9:15 p.m.15 views

CVE-2025-25291

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely...

9.8CVSS0.19506EPSS
Exploits1References13
Cvelist
Cvelist
added 2025/03/12 8:16 p.m.42 views

CVE-2025-25291 ruby-saml vulnerable to SAML authentication bypass due to DOCTYPE handling (parser differential)

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely...

9.3CVSS0.19506EPSS
Exploits1References10
Vulnrichment
Vulnrichment
added 2025/03/12 8:16 p.m.28 views

CVE-2025-25291 ruby-saml vulnerable to SAML authentication bypass due to DOCTYPE handling (parser differential)

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely...

9.3CVSS7AI score0.19506EPSS
Exploits1References10
Debian CVE
Debian CVE
added 2025/03/12 8:16 p.m.13 views

CVE-2025-25291

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely...

9.8CVSS7.8AI score0.19506EPSS
Exploits1
CVE
CVE
added 2025/03/12 8:16 p.m.2022 views

CVE-2025-25291

ruby-saml vulnerabilities CVE-2025-25291/25292/25293 relate to a parser differential between ReXML and Nokogiri that enables a Signature Wrapping authentication bypass and related DoS when handling SAML inputs. Affected versions prior to 1.12.4 and 1.18.0 are vulnerable; fixes are shipped in 1.12...

9.8CVSS7AI score0.19506EPSS
Exploits1References13Affected Software2
Circl
Circl
added 2025/03/12 8:7 p.m.9 views

CVE-2025-25291

creationtimestamp| type| source ---|---|--- 2025-03-12 20:07:18+00:00| seen| https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/ 2025-03-12 20:42:37+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/7376 2025-03-13...

9.8CVSS6.8AI score0.19506EPSS
Exploits1References41
Rows per page
Query Builder