8 matches found
CVE-2026-28809
XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...
EUVD-2026-14396
XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...
CVE-2026-28809
XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...
CVE-2026-28809
XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...
CVE-2026-28809
CVE-2026-28809 is an XXE vulnerability in esaml and forks where attacker-controlled SAML messages are parsed with xmerl_scan:string/2 before signature verification, allowing local file reads (e.g., Kubernetes secrets) and potential SSRF via crafted messages. The issue stems from XML entity expans...
CVE-2026-28809 XXE in esaml SAML library allows local file read and potential SSRF
XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...
PT-2026-27105
Name of the Vulnerable Software and Affected Versions esaml and its forks affected versions not specified Description The software contains a flaw related to XML External Entity XXE processing. An attacker can potentially read local files and include their contents within processed SAML documents...
CVE-2026-23991 go-tuf affected by client DoS via malformed server response
go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository or any of its mirrors returns invalid TUF metadata JSON valid JSON but not well formed TUF metadata, the client will panic during parsing, causing a denial of...