CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

181 matches found

Tenable Nessus•added 2025/08/19 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2025-54572

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in...

6.9CVSS7.5AI score0.00581EPSS

Exploits0References3

Tenable Nessus•added 2025/08/18 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2025-25292

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to...

9.8CVSS8.4AI score0.03321EPSS

Exploits1References3

Tenable Nessus•added 2025/08/18 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2025-25291

9.8CVSS8.4AI score0.20843EPSS

Exploits1References3

RedhatCVE•added 2025/08/02 8:23 p.m.•2 views

CVE-2025-54572

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...

6.9CVSS6AI score0.00581EPSS

Exploits0References1

Snyk•added 2025/07/30 2:48 p.m.•4 views

XML Entity Expansion

Overview Affected versions of this package are vulnerable to XML Entity Expansion via the messagemaxbytesize setting configured in the decoderawsaml function. An attacker can cause resource exhaustion by submitting a specially crafted large SAML response that is validated for Base64 format before...

8.7CVSS7.2AI score0.00581EPSS

Exploits0References2

NVD•added 2025/07/30 2:15 p.m.•3 views

CVE-2025-54572

6.9CVSS0.00581EPSS

Exploits0References5

OSV•added 2025/07/30 2:15 p.m.•2 views

DEBIAN-CVE-2025-54572

6.9CVSS5.3AI score0.00581EPSS

Exploits0References1

OSV•added 2025/07/30 2:15 p.m.•0 views

UBUNTU-CVE-2025-54572

6.9CVSS7.2AI score0.00581EPSS

Exploits0References6

OSV•added 2025/07/30 2:5 p.m.•1 views

CVE-2025-54572 Ruby SAML DOS vulnerability with large SAML response

6.9CVSS7.2AI score0.00581EPSS

Exploits0References7

Vulnrichment•added 2025/07/30 2:5 p.m.•2 views

CVE-2025-54572 Ruby SAML DOS vulnerability with large SAML response

6.9CVSS6.9AI score0.00581EPSS

Exploits0References4

Cvelist•added 2025/07/30 2:5 p.m.•8 views

CVE-2025-54572 Ruby SAML DOS vulnerability with large SAML response

6.9CVSS0.00581EPSS

Exploits0References4

Debian CVE•added 2025/07/30 2:5 p.m.•5 views

CVE-2025-54572

6.9CVSS5.3AI score0.00581EPSS

Exploits0

Github Security Blog•added 2025/07/30 1:20 p.m.•4 views

Ruby SAML DOS vulnerability with large SAML response

Summary A denial-of-service vulnerability exists in ruby-saml even with the messagemaxbytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64 format prior to checking the message size, leading to potential resource exhaustion. Details ruby-saml...

6.9CVSS6.6AI score0.00581EPSS

Exploits0References8Affected Software1

OSV•added 2025/07/30 1:20 p.m.•2 views

GHSA-RRQH-93C8-J966 Ruby SAML DOS vulnerability with large SAML response

6.9CVSS7.3AI score0.00581EPSS

Exploits0References8

RubySec•added 2025/07/30 12:0 a.m.•6 views

Ruby SAML DOS vulnerability with large SAML response

6.9CVSS7.3AI score0.00581EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/05/22 12:36 a.m.•6 views

CVE-2015-20108

xmlsecurity.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used...

9.8CVSS7.6AI score0.00395EPSS

Exploits0References1

OSV•added 2025/04/14 11:55 a.m.•12 views

BIT-GITLAB-2025-25293 ruby-saml vulnerable to Remote Denial of Service (DoS) with compressed SAML responses

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service DoS with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is...

8.7CVSS9.2AI score0.06225EPSS

Exploits1References12

OSV•added 2025/04/14 11:55 a.m.•12 views

BIT-GITLAB-2025-25291 ruby-saml vulnerable to SAML authentication bypass due to DOCTYPE handling (parser differential)

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely...

9.8CVSS9.3AI score0.20843EPSS

Exploits1References14

OpenVAS•added 2025/04/07 12:0 a.m.•8 views

Debian: Security Advisory (DLA-4115-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.20843EPSS

Exploits3References2

OSV•added 2025/04/05 12:0 a.m.•15 views

DLA-4115-1 ruby-saml - security update

Bulletin has no description...

9.8CVSS6.5AI score0.20843EPSS

Exploits3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by