Lucene search
+L

2406 matches found

astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: Fix UAF during logout when accessing the shost ipaddress Bug report and analysis from Ding Hui. During iSCSI session logout, if another task accesses the shost ipaddress attr, we can get a KASAN UAF report like...

7.8CVSS6.3AI score0.00252EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/18 10:5 p.m.8 views

CVE-2026-27964 FacturaScripts: Reflected Cross-Site Scripting (XSS) via Cookie Manipulation

FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting XSS vulnerability through the fsNick cookie parameter. The application reflects the cookie's value directly into the HTML without sanitization. The fsNick cookie ...

3.9CVSS5.8AI score0.00104EPSS
Exploits0References2
nvd
nvd
added 2026/05/18 8:16 p.m.11 views

CVE-2025-65954

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the...

6.1CVSS0.00269EPSS
Exploits1References3
cve
cve
added 2026/05/18 7:57 p.m.22 views

CVE-2025-65954

Summary: SimpleSAMLphp casserver versions below 6.3.1 and 7.0.0 are affected by an Open Redirect in the logout endpoint. The logout URL parameter (?url=…) is treated as trusted, causing a redirect to an attacker-controlled site or a logout page linking to that URL, depending on configuration. Aff...

6.1CVSS5.8AI score0.00269EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2026/05/18 7:57 p.m.36 views

CVE-2025-65954 SimpleSAMLphp-casserver has an Open Redirect vulnerability via logout

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the...

4.7CVSS0.00269EPSS
Exploits1References3
euvd
euvd
added 2026/05/18 7:57 p.m.10 views

EUVD-2025-209889

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the...

4.7CVSS5.8AI score0.00269EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/05/18 7:57 p.m.7 views

CVE-2025-65954

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the...

4.7CVSS5.8AI score0.00269EPSS
Exploits1References4Affected Software1
vulnrichment
vulnrichment
added 2026/05/18 7:57 p.m.12 views

CVE-2025-65954 SimpleSAMLphp-casserver has an Open Redirect vulnerability via logout

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the...

4.7CVSS5.8AI score0.00269EPSS
Exploits1References3
osv
osv
added 2026/05/18 7:57 p.m.3 views

CVE-2025-65954 SimpleSAMLphp-casserver has an Open Redirect vulnerability via logout

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the...

4.7CVSS5.9AI score0.00269EPSS
Exploits1References5
cnnvd
cnnvd
added 2026/05/18 12:0 a.m.11 views

SimpleSAMLphp-casserver 输入验证错误漏洞

SimpleSAMLphp-casserver is an open-source CAS protocol-compatible single-signpoint login server module developed by SimpleSAMLphp. Versions prior to 6.3.1 and 7.0.0 of SimpleSAMLphp-casserver contained a vulnerability related to input validation errors. This vulnerability occurred because the...

6.1CVSS5.8AI score0.00269EPSS
Exploits1References1
snyk
snyk
added 2026/05/15 4:21 p.m.14 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via the logout process. An attacker can redirect users to arbitrary external websites by supplying a crafted url parameter. This is only exploitable if the configuration option enablelogout is set to true, and is most...

6.1CVSS6AI score0.00269EPSS
Exploits1References2
github
github
added 2026/05/15 4:21 p.m.12 views

SimpleSAMLphp casserver: Open Redirect in logout

Summary The logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the browser there, or shows a "you've been logged out" page with a link to continue to that url. There are a number of other things broke...

6.1CVSS5.8AI score0.00269EPSS
Exploits1References6Affected Software1
osv
osv
added 2026/05/15 4:21 p.m.9 views

GHSA-CVRM-5HP6-H523 SimpleSAMLphp casserver: Open Redirect in logout

Summary The logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the browser there, or shows a "you've been logged out" page with a link to continue to that url. There are a number of other things broke...

4.7CVSS5.8AI score0.00269EPSS
Exploits1References6
ptsecurity
ptsecurity
added 2026/05/15 12:0 a.m.13 views

PT-2026-41385

Name of the Vulnerable Software and Affected Versions SimpleSAMLphp-casserver versions prior to 6.3.1 SimpleSAMLphp-casserver versions prior to 7.0.0 Description The logout endpoint accepts a url query parameter for redirection. The server treats this URL as trusted and, depending on the...

6.1CVSS5.8AI score0.00269EPSS
Exploits1References13
nvd
nvd
added 2026/05/14 5:16 p.m.44 views

CVE-2026-44511

Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the...

7.4CVSS0.00197EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/14 4:17 p.m.69 views

CVE-2026-44511 Katalyst Koi: Session cookies can be replayed after user logout

Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the...

7.4CVSS0.00197EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/14 4:17 p.m.7 views

CVE-2026-44511

Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the...

7.4CVSS5.8AI score0.00197EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/05/14 4:17 p.m.32 views

CVE-2026-44511

Katalyst Koi (Rails admin framework) had a session-cookie handling flaw: before versions 4.20.0 and 5.6.0, admin session cookies were not invalidated at logout, allowing an attacker with a valid cookie to access admin functionality after logout until expiration or rotation. Affected versions incl...

7.4CVSS5.8AI score0.00197EPSS
Exploits0References1
euvd
euvd
added 2026/05/14 4:17 p.m.12 views

EUVD-2026-30329

Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the...

7.4CVSS5.8AI score0.00197EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/14 4:17 p.m.6 views

CVE-2026-44511 Katalyst Koi: Session cookies can be replayed after user logout

Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the...

7.4CVSS5.8AI score0.00197EPSS
Exploits0References1
Rows per page
Query Builder