131 matches found
CVE-2026-54779 CoreWCF: SAML token replay protection is inoperative
CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token replay protection is inoperative because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a captur...
CVE-2026-54779
CoreWCF (Windows Communication Foundation port for .NET Core) has a SAML token replay protection flaw prior to versions 1.8.1 and 1.9.1. The issue arises because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a captured token to be r...
Fixed in Apache Tomcat 9.0.119
Moderate: Security constraints for default servlet ignored method CVE-2026-55956 If security constraints were specified for the default servlet, any method or method omission configured as part of the constraint was ignored. This was fixed with commit a0374c45. This issue was reported to the Tomc...
Fixed in Apache Tomcat 11.0.23
Moderate: Security constraints for default servlet ignored method CVE-2026-55956 If security constraints were specified for the default servlet, any method or method omission configured as part of the constraint was ignored. This was fixed with commit 3f6bd2ba. This issue was reported to the Tomc...
GHSA-C7JM-38GQ-H67H http4k: `ServerFilters.DigestAuth` / `DigestAuthProvider` defaulted to an always-true nonce verifier, disabling replay protection in default deployments
Impact ServerFilters.DigestAuth and the underlying DigestAuthProvider both defaulted their nonceVerifier parameter to true — i.e. every nonce was accepted regardless of value, age, or prior use. Any deployment using the default configuration had no replay protection on Digest authentication; a...
GHSA-9JR3-RJ99-8JQ3 CoreWCF: SAML token replay protection is inoperative
Impact When enabling DetectReplayedTokens, a token can be replayed and will be detected despite it being reused. Patches Fixed in CoreWCF v1.8.1 and v1.9.1 Workarounds Provide your own implementation of ITokenReplayCache with the correct behavior...
CoreWCF: SAML token replay protection is inoperative
Impact When enabling DetectReplayedTokens, a token can be replayed and will be detected despite it being reused. Patches Fixed in CoreWCF v1.8.1 and v1.9.1 Workarounds Provide your own implementation of ITokenReplayCache with the correct behavior...
PT-2026-53777
Impact ServerFilters.DigestAuth and the underlying DigestAuthProvider both defaulted their nonceVerifier parameter to true — i.e. every nonce was accepted regardless of value, age, or prior use. Any deployment using the default configuration had no replay protection on Digest authentication; a...
CVE-2026-28742 Naxclow IoT Platform Use of hard-coded cryptographic key
Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence of per-device keys,...
EUVD-2026-36525
Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence of per-device keys,...
VMware Spring Web Services 安全漏洞
VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are security vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from...
CVE-2026-9095
Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse function in object/samlsp.go calls sp.RetrieveAssertionInfo and immediately maps the result to a user session. There is no assertion ID cache, OneTimeUse condition enforcemen...
PT-2026-45833
Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.12.5 authentik versions prior to 2026.2.3 Description The SAML source response processor ResponseProcessor.parse fails to validate the Conditions element on assertions. Specifically, NotBefore, NotOnOrAfter, an...
CVE-2026-9095
Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse function in object/samlsp.go calls sp.RetrieveAssertionInfo and immediately maps the result to a user session. There is no assertion ID cache, OneTimeUse condition enforcemen...
CVE-2026-9095
Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse function in object/samlsp.go calls sp.RetrieveAssertionInfo and immediately maps the result to a user session. There is no assertion ID cache, OneTimeUse condition enforcemen...
CVE-2026-9095 CVE-2026-9095
Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse function in object/samlsp.go calls sp.RetrieveAssertionInfo and immediately maps the result to a user session. There is no assertion ID cache, OneTimeUse condition enforcemen...
CVE-2026-9095 CVE-2026-9095
Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse function in object/samlsp.go calls sp.RetrieveAssertionInfo and immediately maps the result to a user session. There is no assertion ID cache, OneTimeUse condition enforcemen...
CVE-2026-9095
Casdoor CVE-2026-9095 affects versions 2.362.0 and earlier. The ParseSamlResponse() in object/saml_sp.go maps retrieved SAML assertions directly to user sessions without replay protection, lacking an assertion ID cache, OneTimeUse enforcement, or replay detection in the SAML SP code path. This en...
Casdoor 安全漏洞
Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained security vulnerabilities. These vulnerabilities stemmed from a lack of replay protection when mapping SAML assertions to user...
PT-2026-44424
Name of the Vulnerable Software and Affected Versions Casdoor versions prior to 2.362.1 Description Casdoor maps SAML assertions to user sessions without replay protection. The ParseSamlResponse function in object/saml sp.go calls sp.RetrieveAssertionInfo and immediately maps the result to a user...