27 matches found

EUVD
added 2026/06/10 12:31 a.m. · 6 views

EUVD-2026-35889

Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle. Affected versions: Spring Security 5.7.0...

CVSS 3.7 · AI score 5.5 · EPSS 0.00134
Exploits 0 · References 2
CNNVD
added 2026/06/10 12:00 a.m. · 4 views

Spring Security resource management error vulnerability

Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. There is a resource management vulnerability in Spring Security. This vulnerability arises from the use of spring-security-saml2-service-provider and REDIRECT when...

CVSS 7.5 · AI score 5.4 · EPSS 0.00324
Exploits 0 · References 1
RedhatCVE
added 2026/03/26 3:07 p.m. · 6 views

CVE-2026-28809

XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...

CVSS 6.3 · AI score 5.8 · EPSS 0.00281
Exploits 0 · References 1
OSV
added 2026/03/23 12:30 p.m. · 2 views

GHSA-4G2H-VM7X-747C esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages

XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...

CVSS 6.3 · AI score 5.8 · EPSS 0.00281
Exploits 0 · References 5
NVD
added 2026/03/23 11:16 a.m. · 1 view

CVE-2026-28809

XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...

CVSS 6.3 · EPSS 0.00281
Exploits 0 · References 3
Positive Technologies
added 2026/03/23 12:00 a.m. · 2 views

PT-2026-27105

Name of the Vulnerable Software and Affected Versions esaml and its forks affected versions not specified Description The software contains a flaw related to XML External Entity XXE processing. An attacker can potentially read local files and include their contents within processed SAML documents...

CVSS 6.3 · AI score 5.8 · EPSS 0.00281
Exploits 0 · References 8
The Hacker News
added 2026/01/23 12:30 p.m. · 12 views

Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls

Fortinet has officially confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls. "In the last 24 hours, we have identified a number of cases where the exploit was to a device th...

CVSS 9.8 · AI score 5.8 · EPSS 0.63476
Exploits 1
RedhatCVE
added 2026/01/09 9:21 a.m. · 3 views

CVE-2021-41030

An authentication bypass by capture-replay vulnerability CWE-294 in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages...

CVSS 9.1 · AI score 7.2 · EPSS 0.00955
Exploits 0 · References 1
EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2021-28183

Malicious code in bioql PyPI...

CVSS 9.1 · AI score 9.2 · EPSS 0.00955
Exploits 0 · References 1
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2025-14769

Malicious code in bioql PyPI...

CVSS 4 · AI score 4.6 · EPSS 0.002
Exploits 0 · References 4
SUSE Linux
added 2025/05/07 9:42 a.m. · 3 views

Security update for opensaml

This update for opensaml fixes the following issues: CVE-2025-31335: Fixed parameter manipulation allowing forging signed SAML messages bsc1239889 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...

CVSS 4 · AI score 7.3 · EPSS 0.002
Exploits 0 · References 4
SUSE Linux
added 2025/05/07 9:42 a.m. · 1 view

Security update for opensaml

This update for opensaml fixes the following issues: CVE-2025-31335: Fixed a bug where parameter manipulation allows the forging of signed SAML messages. bsc1239889 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

CVSS 4 · AI score 4.6 · EPSS 0.002
Exploits 0 · References 4
RedhatCVE
added 2025/03/28 12:36 p.m. · 13 views

CVE-2025-31335

A flaw was found in the OpenSAML C++ library. This vulnerability allows forging signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the...

CVSS 4 · AI score 7 · EPSS 0.002
Exploits 0 · References 7
OSV
added 2025/03/28 6:15 a.m. · 2 views

DEBIAN-CVE-2025-31335

The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures...

CVSS 4 · AI score 4.8 · EPSS 0.002
Exploits 0 · References 1
Ubuntu
added 2025/03/21 4:25 p.m. · 3 views

USN-7364-1: OpenSAML vulnerability

Alexander Tan discovered that the OpenSAML C++ library was susceptible to forging of signed SAML messages. An attacker could possibly use this issue to gain unauthorized access to a system and manipulate sensitive information...

AI score 5.5
Exploits 0 · References 1
Positive Technologies
added 2025/03/16 12:00 a.m. · 2 views

PT-2025-13434 · Unknown +1 · Opensaml C++ Library +1

Name of the Vulnerable Software and Affected Versions: OpenSAML C++ library versions prior to 3.3.1 Description: The issue allows forging of signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures. Recommendations: For versions prior to 3.3.1, upda...

CVSS 4 · AI score 4 · EPSS 0.002
Exploits 0 · References 39
FreeBSD
added 2025/03/13 12:00 a.m. · 53 views

shibboleth-sp -- Parameter manipulation allows the forging of signed SAML messages

The Shibboleth Project reports: An updated version of the OpenSAML C++ library is available which corrects a parameter manipulation vulnerability when using SAML bindings that rely on non-XML signatures. The Shibboleth Service Provider is impacted by this issue, and it manifests as a critical...

AI score 6
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 5:17 a.m. · 4 views

CVE-2024-1735

A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later...

CVSS 9.1 · AI score 6.8 · EPSS 0.00834
Exploits 0 · References 1
Veracode
added 2024/02/27 9:41 a.m. · 21 views

Authentication Bypass

com.linecorp.armeria: armeria-saml is vulnerable to Authentication Bypass. The vulnerability is due to improper filtering of SAML messages, allowing attackers to craft malicious messages to bypass authentication functionality...

CVSS 9.1 · AI score 7.1 · EPSS 0.00834
Exploits 0 · References 5 · Affected Software 2
Cvelist
added 2024/02/26 7:25 a.m. · 19 views

CVE-2024-1735

A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later...

CVSS 9.1 · AI score 9.4 · EPSS 0.00834
Exploits 0 · References 1