
65 matches found

RedhatCVE | added 2026/06/11 2:59 a.m. | 10 views

CVE-2026-41694

Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle. Affected versions: Spring Security 5.7.0...

CVSS 5.3 | AI score 5.5 | EPSS 0.00137 | Exploits 0 | References 1

EUVD | added 2026/06/10 12:31 a.m. | 7 views

EUVD-2026-35889

Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle. Affected versions: Spring Security 5.7.0...

CVSS 3.7 | AI score 5.5 | EPSS 0.00137 | Exploits 0 | References 2

NVD | added 2026/06/10 12:16 a.m. | 14 views

CVE-2026-41694

Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle. Affected versions: Spring Security 5.7.0...

CVSS 5.3 | EPSS 0.00137 | Exploits 0 | References 1

Tenable Nessus | added 2026/06/10 12:00 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-42768

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME...

CVSS 3.7 | AI score 5.7 | EPSS 0.0035 | Exploits 0 | References 3

Vulnrichment | added 2026/06/09 11:47 p.m. | 6 views

CVE-2026-41694 SAML Payloads Decrypted Without Valid Signature

Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle. Affected versions: Spring Security 5.7.0...

CVSS 3.7 | AI score 5.5 | EPSS 0.00137 | Exploits 0 | References 1

Cvelist | added 2026/06/09 11:47 p.m. | 33 views

CVE-2026-41694 SAML Payloads Decrypted Without Valid Signature

Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle. Affected versions: Spring Security 5.7.0...

CVSS 3.7 | EPSS 0.00137 | Exploits 0 | References 1

CVE | added 2026/06/09 11:47 p.m. | 23 views

CVE-2026-41694

Summary: CVE-2026-41694 affects Spring Security SAML, where SAML Responses and parts of LogoutRequests/LogoutResponses are decrypted without requiring a valid signature. This enables an attacker to craft SAML payloads and use the Service Provider as a decryption oracle. Affected versions (per sou...

CVSS 5.3 | AI score 5.5 | EPSS 0.00137 | Exploits 0 | References 1 | Affected Software 1

Positive Technologies | added 2026/06/09 12:00 a.m. | 11 views

PT-2026-48310

Name of the Vulnerable Software and Affected Versions: Spring Security versions 5.7.0 through 5.7.23; Spring Security versions 5.8.0 through 5.8.25; Spring Security versions 6.3.0 through 6.3.16; Spring Security versions 6.4.0 through 6.4.16; Spring Security versions 6.5.0 through 6.5.10; Spring Securi...

CVSS 5.3 | AI score 5.2 | EPSS 0.00137 | Exploits 0 | References 4

Snyk | added 2026/06/09 12:00 a.m. | 3 views

Information Exposure

Overview org.springframework.security:spring-security-saml2-service-provider is a security component for the Spring Framework. Affected versions of this package are vulnerable to Information Exposure via SAML message decryption prior to signature validation. An attacker can use the Service Provid...

CVSS 6.3 | AI score 5.4 | EPSS 0.00137 | Exploits 0 | References 2

EUVD | added 2025/10/07 12:30 a.m. | 7 views

EUVD-2017-4610

Malware in sbrugna...

CVSS 7.8 | AI score 7.8 | EPSS 0.00455 | Exploits 0 | References 3

EUVD | added 2025/10/07 12:30 a.m. | 7 views

EUVD-2017-4609

Malware in sbrugna...

CVSS 7.8 | AI score 7.8 | EPSS 0.00455 | Exploits 0 | References 3

EUVD | added 2025/10/07 12:30 a.m. | 5 views

EUVD-2018-6436

Malware in sbrugna...

CVSS 6.5 | AI score 6.3 | EPSS 0.01404 | Exploits 0 | References 16

EUVD | added 2025/10/03 8:07 p.m. | 6 views

EUVD-2022-28751

Malicious code in bioql PyPI...

CVSS 6.8 | AI score 6.7 | EPSS 0.0025 | Exploits 0 | References 2

Tenable Nessus | added 2024/05/11 12:00 a.m. | 22 views

RHEL 5 : wpa_supplicant (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - wpa_supplicant: local configuration update allows privilege escalation CVE-2016-4477 - wpa_supplicant:...

AI score 7.9 | EPSS 0.02388 | Exploits 0 | References 5

Tenable Nessus | added 2023/10/21 12:00 a.m. | 42 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : wpa_supplicant and hostapd vulnerability (USN-3745-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3745-1 advisory. It was discovered that wpa_supplicant and hostapd incorrectly handled certain messages. An attacker could possibly use this to access...

CVSS 6.5 | AI score 6.6 | EPSS 0.01404 | Exploits 0 | References 2

OSV | added 2023/03/09 10:13 a.m. | 13 views

SUSE-SU-2023:0684-1 Security update for openssl

This update for openssl fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GeneralName (bsc#1207533). - CVE-2023-0215: Fixed a use-after-free following BIO_new_NDEF (bsc#1207536). - CVE-2022-4304: Fixed a timing oracle in RSA decryption (bsc#1207534). The following...

CVSS 7.5 | AI score 6.9 | EPSS 0.59501 | Exploits 0 | References 9

SUSE CVE | added 2023/02/15 4:25 a.m. | 3 views

SUSE CVE-2018-14526

An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive...

CVSS 5.9 | AI score 6.9 | EPSS 0.01404 | Exploits 0 | References 13

OSV | added 2022/04/27 5:15 p.m. | 5 views

CVE-2022-23822

In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as using the device as a...

CVSS 6.8 | AI score 5.8 | EPSS 0.0025 | Exploits 0 | References 2

NVD | added 2022/04/27 5:15 p.m. | 24 views

CVE-2022-23822

In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as using the device as a...

CVSS 6.8 | EPSS 0.0025 | Exploits 0 | References 2

Prion | added 2022/04/27 5:15 p.m. | 21 views

Authentication flaw

In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as using the device as a...

CVSS 4.4 | AI score 6.5 | EPSS 0.0025 | Exploits 0 | References 2 | Affected Software 2