Lucene search
+L

8 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.9 views

CVE-2026-28809

XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...

6.3CVSS5.8AI score0.00281EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/23 12:30 p.m.5 views

EUVD-2026-14396

XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...

6.3CVSS5.8AI score0.00281EPSS
Exploits0References2
NVD
NVD
added 2026/03/23 11:16 a.m.6 views

CVE-2026-28809

XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...

6.3CVSS0.00281EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/23 10:9 a.m.3 views

CVE-2026-28809

XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...

6.3CVSS5.8AI score0.00281EPSS
Exploits0References2
CVE
CVE
added 2026/03/23 10:9 a.m.33 views

CVE-2026-28809

CVE-2026-28809 is an XXE vulnerability in esaml and forks where attacker-controlled SAML messages are parsed with xmerl_scan:string/2 before signature verification, allowing local file reads (e.g., Kubernetes secrets) and potential SSRF via crafted messages. The issue stems from XML entity expans...

6.3CVSS5.8AI score0.00281EPSS
Exploits0References3Affected Software4
OSV
OSV
added 2026/03/23 10:9 a.m.3 views

CVE-2026-28809 XXE in esaml SAML library allows local file read and potential SSRF

XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...

6.3CVSS6AI score0.00281EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.14 views

PT-2026-27105

Name of the Vulnerable Software and Affected Versions esaml and its forks affected versions not specified Description The software contains a flaw related to XML External Entity XXE processing. An attacker can potentially read local files and include their contents within processed SAML documents...

6.3CVSS5.8AI score0.00281EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/01/22 2:16 a.m.28 views

CVE-2026-23991 go-tuf affected by client DoS via malformed server response

go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository or any of its mirrors returns invalid TUF metadata JSON valid JSON but not well formed TUF metadata, the client will panic during parsing, causing a denial of...

5.9CVSS0.0053EPSS
Exploits0References3
Rows per page
Query Builder