5 matches found

Vulnrichment
added 2026/05/07 3:0 a.m., 8 views

CVE-2026-41669 Admidio: SAML Signature Validation Result Ignored — Forged AuthnRequests and LogoutRequests Processed

Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites, handleSSORequest (line 418) and handleSLORequest (line 613). The method returns error strings on...

CVSS 8.2 | AI score 5.7 | EPSS 0.00191
Exploits 0 | References 2
Github Security Blog
added 2026/04/29 9:56 p.m., 9 views

Admidio Ignores SAML Signature Validation Result, Processes Forged AuthnRequests and LogoutRequests

Summary: The Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites, handleSSORequest (line 418) and handleSLORequest (line 613). The method returns error strings on failure rather than throwing exceptions, but the developer believed i...

CVSS 8.2 | AI score 6.1 | EPSS 0.00191
Exploits 0 | References 4 | Affected Software 1
Veracode
added 2025/03/04 2:27 a.m., 10 views

Improper JWT Signature Validation

jupyterhub-ltiauthenticator is vulnerable to improper JWT signature validation. The vulnerability is due to missing JWT signature validation in LTI13Authenticator, allowing forged authentication requests to be accepted...

CVSS 10 | AI score 6.8 | EPSS 0.00328
Exploits 0 | References 5 | Affected Software 1
SUSE CVE
added 2023/02/15 4:17 a.m., 3 views

SUSE CVE-2019-5108

An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different...

CVSS 7.4 | AI score 7.5 | EPSS 0.10114
Exploits 1 | References 9
OSV
added 2019/12/12 10:15 p.m., 1 views

UBUNTU-CVE-2019-5061

An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table...

CVSS 7.4 | AI score 6.9 | EPSS 0.0092
Exploits 0 | References 3