GHSA-5J8P-438X-RGG5 SAML PHP Toolkit Vulnerability on xmlseclibs CVE-2025-66475

Summary There is a critical vulnerability on xmlseclibs CVE-2025-66475, a dependency of php-saml Update to the following versions of php-saml which forces the use of patched versions of xmlseclibs: - 2.21.1 - 3.8.1 - 4.3.1 Impact Signature Wrapping Vulnerabilities allows an attacker to impersonat...

SAML PHP Toolkit Vulnerability on xmlseclibs CVE-2025-66475

Summary There is a critical vulnerability on xmlseclibs CVE-2025-66475, a dependency of php-saml Update to the following versions of php-saml which forces the use of patched versions of xmlseclibs: - 2.21.1 - 3.8.1 - 4.3.1 Impact Signature Wrapping Vulnerabilities allows an attacker to impersonat...

EUVD-2023-30091

Malicious code in bioql PyPI...

CVE-2023-26267

php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXMLDTDLOAD | \LIBXMLDTDATTR...

Authentication Bypass Via Signature Wrapping

onelogin/php-saml is vulnerable to Authentication Bypass. The vulnerability is due to improper signature validation, which allows a malicious user to bypass authentication through signature wrapping...

onelogin/php-saml signature wrapping attacks

Vulnerability in onelogin/php-saml versions prior to 2.10.0 allows signature Wrapping attacks which may result in a malicious user gaining unauthorized access to a system...

GHSA-G48F-PGWH-WWXX onelogin/php-saml signature wrapping attacks

Vulnerability in onelogin/php-saml versions prior to 2.10.0 allows signature Wrapping attacks which may result in a malicious user gaining unauthorized access to a system...

GHSA-9WRW-P9RM-R782 onelogin/php-saml Improper signature validation on LogoutRequest/LogoutResponse.

In order to verify Signatures on Logoutrequests and LogoutResponses we use the verifySignature of the class XMLSecurityKey from the xmlseclibs library. That method end up calling opensslverify depending on the signature algorithm used. The opensslverify function returns 1 when the signature was...

CVE-2023-26267

php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXMLDTDLOAD | \LIBXMLDTDATTR...

Xxe

php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXMLDTDLOAD | \LIBXMLDTDATTR...

CVE-2023-26267

php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXMLDTDLOAD | \LIBXMLDTDATTR...

CVE-2023-26267

php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXMLDTDLOAD | \LIBXMLDTDATTR...

php-saml-sp 代码问题漏洞

php-saml-sp is a SAML Service Provider SP. SAML authentication can be used from existing PHP applications. A security vulnerability exists in php-saml-sp versions prior to 2.1.1 2.x, 1.1.1 1.x and prior to 1.1.1 1.x, which originated from a vulnerability that allows arbitrary files to be read as...

CVE-2023-26267

The vulnerability CVE-2023-26267 affects php-saml-sp in versions before 1.1.1 and 2.x before 2.1.1. It allows reading arbitrary files as the webserver user because XML external entities are silently resolved via LIBXML_DTDLOAD and LIBXML_DTDATTR. No exploitation details are provided in the source...

SugarCRM php-saml Vulnerability

SugarCRM is prone to a signature validation vulnerability in php-saml. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Fedora 26 : php-onelogin-php-saml (2017-8e4c14eeec)

Update to 2.10.5 ---- Update to 2.10.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEV...

Fedora 24 : php-onelogin-php-saml (2017-68cdc567e9)

Update to 2.10.5 ---- Update to 2.10.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEV...

Fedora Update for php-onelogin-php-saml FEDORA-2017-68cdc567e9

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 25 : php-onelogin-php-saml (2017-06f4b88ceb)

Update to 2.10.5 ---- Update to 2.10.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEV...

Fedora Update for php-onelogin-php-saml FEDORA-2017-06f4b88ceb

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...