CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6887 matches found

RedhatCVE•added 2025/12/10 3:26 a.m.•3 views

CVE-2025-66578

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Versions 3.1.3 contain an authentication bypass vulnerability due to a flaw in the libxml2 canonicalization process during document transformation. When libxml2’s canonicalization is invoked on an invalid XML...

7.5CVSS6.8AI score0.00032EPSS

Exploits1References1

RedhatCVE•added 2025/12/10 2:32 a.m.•4 views

CVE-2025-66568

The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrappi...

9.3CVSS7AI score0.00048EPSS

Exploits0References1

NVD•added 2025/12/09 4:18 p.m.•3 views

CVE-2025-66568

9.3CVSS0.00048EPSS

Exploits0References2

NVD•added 2025/12/09 4:18 p.m.•1 views

CVE-2025-66578

7.5CVSS0.00032EPSS

Exploits1References3

OSV•added 2025/12/09 4:18 p.m.•2 views

UBUNTU-CVE-2025-66568

9.3CVSS5.9AI score0.00048EPSS

Exploits0References4

CVE•added 2025/12/09 2:41 a.m.•12 views

CVE-2025-66578

CVE-2025-66578 affects robrichards/xmlseclibs (PHP) up to version 3.1.3. The root cause is a flaw in libxml2 canonicalization during document transformation: when canonicalizing invalid XML input, libxml2 may return an empty string instead of a canonicalized node. xmlseclibs then computes the Dig...

7.5CVSS6.6AI score0.00032EPSS

Exploits1References3Affected Software1

OSV•added 2025/12/09 2:41 a.m.•2 views

CVE-2025-66578 robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation

6CVSS6.9AI score0.00032EPSS

Exploits1References5

Vulnrichment•added 2025/12/09 2:41 a.m.•1 views

CVE-2025-66578 robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation

6CVSS6.7AI score0.00032EPSS

Exploits1References3

EUVD•added 2025/12/09 2:41 a.m.•2 views

EUVD-2025-201790

6CVSS6.5AI score0.00032EPSS

Exploits1References4

Cvelist•added 2025/12/09 2:3 a.m.•25 views

CVE-2025-66568 ruby-saml Libxml2 Canonicalization errors can bypass Digest/Signature validation

9.3CVSS0.00048EPSS

Exploits0References2

Debian CVE•added 2025/12/09 2:3 a.m.•5 views

CVE-2025-66568

9.3CVSS5.5AI score0.00048EPSS

Exploits0

EUVD•added 2025/12/09 2:3 a.m.•1 views

EUVD-2025-201828

9.3CVSS6.7AI score0.00048EPSS

Exploits0References3

CVE•added 2025/12/09 2:3 a.m.•16 views

CVE-2025-66568

CVE-2025-66568 affects the ruby-saml library (client-side SAML) with versions up to 1.12.4 vulnerable to authentication bypass via libxml2 canonicalization used by Nokogiri. On invalid XML input, canonicalization can return an empty string, causing DigestValue to be computed over that empty strin...

9.3CVSS6.8AI score0.00048EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2025/12/09 12:0 a.m.•2 views

PT-2025-49775

Name of the Vulnerable Software and Affected Versions ruby-saml versions through 1.12.4 Description The ruby-saml library, which handles SAML authorization on the client side, has a flaw that could allow an attacker to bypass authentication. This is due to how the library processes XML data using...

9.3CVSS6.6AI score0.00048EPSS

Exploits0References11

Positive Technologies•added 2025/12/09 12:0 a.m.•3 views

PT-2025-49776

Name of the Vulnerable Software and Affected Versions xmlseclibs versions prior to 3.1.4 Description xmlseclibs is a PHP library used for XML Encryption and Signatures. Versions of the library before 3.1.4 contain a flaw in the libxml2 canonicalization process during document transformation that...

7.5CVSS6.8AI score0.00032EPSS

Exploits1References7

CNNVD•added 2025/12/09 12:0 a.m.•2 views

Xmlseclibs 安全漏洞

Xmlseclibs is a library written in PHP that handles XML encryption and signing. A security vulnerability exists in Xmlseclibs version 3.1.3, which stems from a flaw in the libxml2 normalization process that could lead to authentication bypass...

7.5CVSS6.7AI score0.00032EPSS

Exploits1References4

CNNVD•added 2025/12/09 12:0 a.m.•1 views

Ruby SAML 数据伪造问题漏洞

Ruby SAML is a SAML-Toolkits open source implementation of a SAML authorization client. Ruby SAML 1.12.4 and prior versions suffer from a Data Forgery Issue vulnerability that stems from a flaw in the libxml2 normalization process that could lead to authentication bypass...

9.3CVSS6.5AI score0.00048EPSS

Exploits0References2

Github Security Blog•added 2025/12/08 10:3 p.m.•3 views

Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation

Summary Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an issue at libxml2 canonicalization process used by Nokogiri for document transformation. That allows an attacker to be able to execute a Signature Wrapping attack. The vulnerability does not...

9.3CVSS7.3AI score0.00048EPSS

Exploits0References5Affected Software1

OSV•added 2025/12/08 10:3 p.m.•4 views

GHSA-X4H9-GWV3-R4M4 Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation

9.3CVSS7.2AI score0.00048EPSS

Exploits0References5

OSV•added 2025/12/08 5:57 p.m.•2 views

GHSA-C4CC-X928-VJW9 robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation

Summary An authentication bypass vulnerability exists due to a flaw in the libxml2 canonicalization process, which is used by xmlseclibs during document transformation. This weakness allows an attacker to generate a valid signature once and reuse it indefinitely. In practice, a signature created...

6CVSS7AI score0.00032EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by