27 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2012-5274

Malware in sbrugna...

CVSS 5.8 | AI score 6.4 | EPSS 0.00155
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-1543

Malware in sbrugna...

CVSS 5.9 | AI score 6.5 | EPSS 0.02235
Exploits: 0 | References: 17

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-2731

Malicious code in bioql PyPI...

CVSS 6.4 | AI score 9.2 | EPSS 0.0031
Exploits: 0 | References: 5

Tenable Nessus
added 2025/06/06 12:0 a.m. | 3 views

SUSE SLES15 Security Update : opensaml (SUSE-SU-2025:01500-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01500-1 advisory. - CVE-2025-31335: Fixed a bug where parameter manipulation allows the forging of signed SAML messages. bsc1239889 Tenable has extracted the...

CVSS 4 | AI score 5.1 | EPSS 0.00112
Exploits: 0 | References: 4

F5 Networks
added 2025/04/28 5:49 p.m. | 5 views

K000151066: OpenSAML vulnerability CVE-2025-31335

Security Advisory Description The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures. CVE-2025-31335 Impact There is no impact; F5 products are not affected by this vulnerability. Security...

CVSS 4 | AI score 4.7 | EPSS 0.00112
Exploits: 0

Cvelist
added 2025/03/28 12:0 a.m. | 10 views

CVE-2025-31335

The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures...

CVSS 4 | EPSS 0.00112
Exploits: 0 | References: 4

CVE
added 2025/03/28 12:0 a.m. | 60 views

CVE-2025-31335

CVE-2025-31335 affects the OpenSAML C++ library prior to 3.3.1, where parameter manipulation can forge signed SAML messages for bindings that rely on non-XML signatures. The issue is confirmed in multiple feeds referencing OpenSAML

CVSS 4 | AI score 4.5 | EPSS 0.00112
Exploits: 0 | References: 4

GithubExploit
added 2025/03/20 6:17 a.m. | 320 views

Exploit for CVE-2024-32962

Poc-CVE-2024-32962-xml-crypto A simulation of an atta...

CVSS 10 | AI score 7 | EPSS 0.13367
Exploits: 1

Debian
added 2025/03/16 7:2 p.m. | 56 views

[SECURITY] [DSA 5879-1] opensaml security update

Debian Security Advisory DSA-5879-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 16, 2025 https://www.debian.org/security/faq -...

AI score 6.8
Exploits: 0

Tenable Nessus
added 2025/03/14 12:0 a.m. | 14 views

FreeBSD : shibboleth-sp -- Parameter manipulation allows the forging of signed SAML messages (0b43fac4-005d-11f0-a540-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0b43fac4-005d-11f0-a540-6cc21735f730 advisory. The Shibboleth Project reports: An updated version of the OpenSAML C++ library is available which...

AI score 6
Exploits: 0 | References: 2

Cvelist
added 2025/02/13 3:20 p.m. | 13 views

CVE-2025-24903 libsignal-service-rs Doesn't Check Origin of Sync Messages

libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user...

CVSS 8.5 | EPSS 0.00095
Exploits: 0 | References: 2

CVE
added 2024/11/11 7:37 p.m. | 46 views

CVE-2024-51489

Ampache (web-based audio/video streaming app and file manager) is affected by an insufficient CSRF token validation in its messaging feature. The root cause is the current token parsing/validation logic not adequately validating CSRF tokens when users send messages to one another, enabling potent...

CVSS 5.4 | AI score 5.4 | EPSS 0.00262
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/04/05 12:0 a.m. | 12 views

CVE-2023-29389

Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after pulling the bumper away and reaching the headlight connector, and then sending forged "Key is validated"...

AI score 7.1 | EPSS 0.00157
Exploits: 1 | References: 2

OSV
added 2022/09/28 8:0 p.m. | 12 views

CVE-2022-39246 matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions

matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others...

CVSS 7.5 | AI score 6 | EPSS 0.00321
Exploits: 0 | References: 6

OSV
added 2022/05/24 7:20 p.m. | 16 views

GHSA-XX36-6RV4-GJ8R ecdsa-elixir fails to check signatures, vulnerable to message forging

Summary Stark Bank is a financial technology company that provides services to simplify and automate digital banking, by providing APIs to perform operations such as payments and transfers. In addition, Stark Bank maintains a number of cryptographic libraries to perform cryptographic signing and...

CVSS 9.8 | AI score 9.5 | EPSS 0.00203
Exploits: 1 | References: 6

CVE
added 2021/04/14 11:47 p.m. | 69 views

CVE-2021-30478

Summary: CVE-2021-30478 affects Zulip Server before 3.4. A bug in the can_forge_sender permission (formerly is_api_super_user) allows users with that permission to send messages that appear to come from a system bot, including to other organizations on the same Zulip deployment. The issue is root...

CVSS 4.3 | AI score 4.5 | EPSS 0.00137
Exploits: 0 | References: 1 | Affected Software: 1

0day.today
added 2020/10/03 12:0 a.m. | 42 views

FusionAuth SAML v 2 0.2.3 Message Forging Vulnerability

Unauthenticated users can send forged messages to the FusionAuth to bypass authentication, impersonate other users or gain arbitrary roles. The SAML message can be sent to the application without a signature even if this is required. The impact depends on individual applications that implement...

CVSS 9.1 | AI score 9.2 | EPSS 0.00141
Exploits: 3

Packet Storm
added 2020/10/02 12:0 a.m. | 452 views

FusionAuth-SAMLv2 0.2.3 Message Forging

COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: SAML v2.0 bindings in Java using JAXB Vendor: FusionAuth CSNC ID: CSNC-2020-002 CVE ID: CVE-2020-12676 Subject: Signature Exclusion Attack Risk: High Effect: Remotely exploitable Author: Felix Sieges Date:...

AI score 9.4 | EPSS 0.00141
Exploits: 3

Prion
added 2019/11/06 3:15 p.m. | 13 views

Code injection

simplesamlphp before 1.6.3 squeeze and before 1.8.2 sid incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages...

CVSS 5 | AI score 7.2 | EPSS 0.00274
Exploits: 0 | References: 2 | Affected Software: 2

Cvelist
added 2019/11/06 2:53 p.m. | 14 views

CVE-2011-4625

simplesamlphp before 1.6.3 squeeze and before 1.8.2 sid incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages...

AI score 7.5 | EPSS 0.00274
Exploits: 0 | References: 2