7 matches found

Cvelist
added 2026/03/23 10:9 a.m., 24 views

CVE-2026-28809 XXE in esaml SAML library allows local file read and potential SSRF

XML External Entity (XXE) vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...

6.3 CVSS, 0.0005 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/03/04 12:0 a.m., 3 views

Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure FTD Software Security Feature Issue Vulnerability

Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure FTD Software are products of Cisco, a company based in the United States. Cisco Secure Firewall Adaptive Security Appliance is an enterprise-level firewall software. Cisco Secure FTD Software is the core software platform for...

8.6 CVSS, 5.8 AI score, 0.00157 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2016-6686

Malware in sbrugna...

6.1 CVSS, 6.3 AI score, 0.00233 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2020/01/24 2:9 p.m., 18 views

CVE-2020-5390

A verification flaw was found in python-pysaml2, where it did not check that the signature in a SAML document was enveloped, which enabled XML signature wrapping (XSW) attacks. A remote attacker could exploit this flaw to convince SAML processing to verify the signature and accept malicious data...

7.5 CVSS, 2 AI score, 0.00763 EPSS
Exploits: 0, References: 3
NVD
added 2017/03/23 6:59 a.m., 15 views

CVE-2016-5751

An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials...

6.1 CVSS, 6.2 AI score, 0.00233 EPSS
Exploits: 0, References: 1
OSV
added 2017/03/23 6:59 a.m., 0 views

CVE-2016-5751

An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials...

6.1 CVSS, 5.8 AI score
Exploits: 0, References: 1
Cvelist
added 2017/03/23 6:36 a.m., 14 views

CVE-2016-5751

An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials...

6.1 AI score, 0.00233 EPSS
Exploits: 0, References: 1