CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/01/09 9:18 a.m.•6 views

CVE-2025-61782

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.3, an open redirect vulnerability exists in the OpenCTI platform's SAML authentication endpoint /auth/saml/callback. By manipulating the RelayState parameter, an attacker can...

5.4CVSS7AI score0.0022EPSS

NVD•added 2026/01/08 3:15 p.m.•11 views

CVE-2026-22032

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.14.0, an open redirect vulnerability exists in the Directus SAML authentication callback endpoint. During SAML authentication, the RelayState parameter is intended to preserve the user's original...

6.1CVSS0.00196EPSS

Cvelist•added 2026/01/08 2:32 p.m.•23 views

CVE-2026-22032 Directus has open redirect in SAML

4.3CVSS0.00196EPSS

Vulnrichment•added 2026/01/08 2:32 p.m.•2 views

CVE-2026-22032 Directus has open redirect in SAML

4.3CVSS7.2AI score0.00196EPSS

CVE•added 2026/01/08 2:32 p.m.•14 views

CVE-2026-22032

Directus before v11.14.0 has an open redirect in the SAML authentication callback endpoint. The RelayState used to preserve the original destination is not validated for the callback, enabling an attacker to redirect users to an arbitrary external URL after login completion. The issue affects bot...

6.1CVSS7.2AI score0.00196EPSS

Exploits0References2Affected Software1

OSV•added 2026/01/08 2:32 p.m.•6 views

CVE-2026-22032 Directus has open redirect in SAML

4.3CVSS7.3AI score0.00196EPSS

Exploits0References4

NVD•added 2026/01/07 6:15 p.m.•6 views

CVE-2025-61782

6.1CVSS0.0022EPSS

Vulnrichment•added 2026/01/07 5:28 p.m.•6 views

CVE-2025-61782 Open Redirect in OpenCTI's SAML Authentication Flow

5.4CVSS6.7AI score0.0022EPSS

OSV•added 2026/01/07 5:28 p.m.•4 views

CVE-2025-61782 Open Redirect in OpenCTI's SAML Authentication Flow

5.4CVSS6.9AI score0.0022EPSS

Exploits0References5

EUVD•added 2026/01/07 5:28 p.m.•6 views

EUVD-2025-206265

5.4CVSS6.5AI score0.0022EPSS

CNNVD•added 2026/01/07 12:0 a.m.•3 views

OpenCTI 输入验证错误漏洞

OpenCTI is an open source cyber threat intelligence platform from OpenCTI. An input validation error vulnerability exists in OpenCTI versions prior to 6.8.3 that stems from improper manipulation of the RelayState parameter in the SAML authentication endpoint, which could lead to an open redirecti...

6.1CVSS6.6AI score0.0022EPSS

Positive Technologies•added 2026/01/07 12:0 a.m.•8 views

PT-2026-1834

Name of the Vulnerable Software and Affected Versions OpenCTI versions prior to 6.8.3 Description OpenCTI is a platform for managing cyber threat intelligence knowledge. A flaw exists in the SAML authentication endpoint /auth/saml/callback that allows for open redirection. Manipulating the...

6.1CVSS6.6AI score0.0022EPSS

Exploits0References8

OSV•added 2026/01/06 7:22 p.m.•4 views

GHSA-3573-4C68-G8CC Directus has open redirect in SAML

Security Advisory: Open Redirect in Directus SAML Authentication Summary An open redirect vulnerability exists in the Directus SAML authentication callback endpoint. The RelayState parameter is used in redirects without proper validation against an allowlist of permitted domains. Vulnerability...

4.3CVSS7AI score0.00196EPSS

Exploits0References4

Veracode•added 2025/12/17 12:31 p.m.•5 views

Improper Authorization

github.com/mattermost/mattermost-server is vulnerable to Improper Authorization. The vulnerability is due to failure to verify whether a user has permission to join a Mattermost team when processing the original invite token, which allows an attacker to manipulate the RelayState parameter and joi...

8.1CVSS6.5AI score0.00307EPSS

Exploits0References5Affected Software2

SUSE CVE•added 2025/11/09 12:24 a.m.•3 views

SUSE CVE-2025-58075

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState...

8.1CVSS6.9AI score0.00307EPSS

RedhatCVE•added 2025/10/28 1:49 p.m.•6 views

CVE-2025-50055

Cross-site scripting XSS vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service ACS endpoint servers to inject arbitrary web script or HTML via the RelayState parameter...

6.4CVSS6AI score0.00185EPSS

EUVD•added 2025/10/27 3:30 p.m.•5 views

EUVD-2025-36169

5.5AI score0.00185EPSS

NVD•added 2025/10/27 2:15 p.m.•4 views

CVE-2025-50055

6.4CVSS0.00185EPSS

CVE•added 2025/10/27 1:39 p.m.•35 views

CVE-2025-50055

OpenVPN Access Server 2.14.0–2.14.3 exposes an XSS vulnerability in the SAML Authentication module via the RelayState parameter. The issue allows an attacker-controlled RelayState to inject arbitrary script/HTML, potentially leading to client-side impact. The CVE description in official records n...

6.4CVSS5.6AI score0.00185EPSS