30 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-1569

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.00467
Exploits 0 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-7124

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 8 | EPSS 0.04646
Exploits 1 | References 6

vulnersOsv
added 2025/07/28 8:38 p.m. | 3 views

@3wks/gae-node-nestjs (>=0.1.0 <=6.0.0-rc.0), @aeroline_1025/hapi-corpsso (>=2.1.3 <=2.3.0) +111 more potentially affected by CVE-2025-54419 via passport-saml (>=0.12.0 <=3.2.4)

passport-saml NPM version =0.12.0, =0.1.0, =2.1.3, =0.0.2, =1.0.0, =4.0.0, =0.0.0-nightly-2020972106, =0.0.0-nightly-202201422556, =0.1.0, =0.1.0, =0.4.0, =0.2.1, =0.35.0, =0.44.5 and more Source cves: CVE-2025-54419 Source advisory: OSV:GHSA-4MXG-3P6V-XGQ3...

CVSS 10 | AI score 5.8 | EPSS 0.00137
Exploits 0

RedhatCVE
added 2025/05/22 8:43 p.m. | 3 views

CVE-2021-39171

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant system resources to process, thereby resulting in reduced or denied service. This would be an...

CVSS 7.5 | AI score 6.9 | EPSS 0.00467
Exploits 0 | References 1

RedhatCVE
added 2025/02/05 7:35 p.m. | 10 views

CVE-2022-39299

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML elemen...

CVSS 8.1 | AI score 7.2 | EPSS 0.04646
Exploits 1 | References 1

IBM Security Bulletins
added 2024/08/08 2:33 p.m. | 20 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to bypass SAML authentication due to passport-saml ( CVE-2022-39299 )

Summary Passport-saml is used by IBM Cloud Pak for Data for SAML authentication. CVE-2022-39299. Vulnerability Details CVEID:CVE-2022-39299 DESCRIPTION: Node.js passport-saml module could allow a remote attacker to bypass security restrictions, caused by improper verification of cryptographic...

CVSS 8.1 | AI score 8.4 | EPSS 0.04646
Exploits 1 | Affected Software 1

GithubExploit
added 2022/10/31 1:24 p.m. | 819 views

Exploit for Improper Verification of Cryptographic Signature in Passport-Saml_Project Passport-Saml

Exploiting CVE-2022-39299 Signature bypass via multiple ro...

CVSS 8.1 | AI score 8.4 | EPSS 0.04646
Exploits 1

Veracode
added 2022/10/14 11:0 a.m. | 37 views

Improper Verification Of Cryptographic Signature

Passport-saml is vulnerable to improper cryptographic signature verification. A remote attacker is able to bypass SAML authentication via an arbitrary IDP signed XML element, due to improper checks for a valid top-level signature in saml.ts...

CVSS 8.1 | AI score 8.9 | EPSS 0.04646
Exploits 1 | References 6 | Affected Software 1

NVD
added 2022/10/13 10:15 p.m. | 9 views

CVE-2022-39300

node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the...

CVSS 8.1 | EPSS 0.00153
Exploits 0 | References 2

Cvelist
added 2022/10/13 12:0 a.m. | 17 views

CVE-2022-39300 Signature bypass via multiple root elements in node-SAML

node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the...

CVSS 7.7 | AI score 8.5 | EPSS 0.00153
Exploits 0 | References 2

CNNVD
added 2022/10/13 12:0 a.m. | 3 views

node-saml data forgery vulnerability

node-saml is a SAML library that does not depend on any framework running in Node.js. A data forgery issue vulnerability exists in versions prior to node-saml 4.0.0-beta.5, which can be exploited by an attacker to bypass SAML authentication on a website using passport-saml...

CVSS 8.1 | AI score 7.7 | EPSS 0.00153
Exploits 0 | References 3

OSV
added 2022/10/12 10:5 p.m. | 16 views

GHSA-5P8W-2MVW-38PV Signature bypass via multiple root elements

Impact A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks e.g without access to a valid user...

CVSS 8.1 | AI score 8 | EPSS 0.00153
Exploits 0 | References 4

vulnersOsv
added 2022/10/12 10:5 p.m. | 1 views

@3wks/gae-node-nestjs (>=0.1.0 <=6.0.0-rc.0), @aeroline_1025/hapi-corpsso (>=2.1.3 <=2.3.0) +73 more potentially affected by CVE-2022-39299 via passport-saml (>=0.12.0 <=3.2.0)

passport-saml NPM version =0.12.0, =0.1.0, =2.1.3, =1.0.0, =4.0.0, =0.0.0-nightly-2020972106, =3.4.2, =0.1.0, =1.0.0, =1.0.0, =2.4.0, =7.1.1, =6.2.2, =1.1.109, =1.3.78 and more Source cves: CVE-2022-39299 Source advisory: OSV:GHSA-M974-647V-WHV7...

CVSS 8.1 | AI score 7.2 | EPSS 0.04646
Exploits 1

Github Security Blog
added 2022/10/12 10:5 p.m. | 35 views

Signature bypass via multiple root elements

Impact A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks e.g without access to a valid user...

CVSS 8.1 | AI score 9 | EPSS 0.04646
Exploits 1 | References 6 | Affected Software 4

OSV
added 2022/10/12 10:5 p.m. | 34 views

GHSA-M974-647V-WHV7 Signature bypass via multiple root elements

Impact A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks e.g without access to a valid user...

CVSS 8.1 | AI score 8.3 | EPSS 0.04646
Exploits 1 | References 6

NVD
added 2022/10/12 9:15 p.m. | 23 views

CVE-2022-39299

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML elemen...

CVSS 8.1 | EPSS 0.04646
Exploits 1 | References 3

Prion
added 2022/10/12 9:15 p.m. | 25 views

Authentication flaw

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML elemen...

CVSS 5.1 | AI score 8.9 | EPSS 0.04646
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2022/10/12 12:0 a.m. | 18 views

CVE-2022-39299 Signature bypass via multiple root elements in Passport-SAML

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML elemen...

CVSS 7.4 | AI score 9.2 | EPSS 0.04646
Exploits 1 | References 3

Vulnrichment
added 2022/10/12 12:0 a.m. | 10 views

CVE-2022-39299 Signature bypass via multiple root elements in Passport-SAML

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML elemen...

CVSS 7.4 | AI score 8.3 | EPSS 0.04646
Exploits 1 | References 3

OSV
added 2022/10/12 12:0 a.m. | 32 views

CVE-2022-39299 Signature bypass via multiple root elements in Passport-SAML

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML elemen...

CVSS 7.4 | AI score 8.3 | EPSS 0.04646
Exploits 1 | References 5