30 matches found
CVE-2022-26493
Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to an HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signatur...
F5 Networks BIG-IP : BIG-IP APM and SSL Orchestrator vulnerability (K000148816)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6.1 / 17.1.3 / 17.5.1. It is, therefore, affected by a vulnerability as referenced in the K000148816 advisory. When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service...
EUVD-2023-30091
Malicious code in bioql PyPI...
EUVD-2023-46364
Malicious code in bioql PyPI...
CVE-2023-41873
Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SAML SP Single Sign On: from n/a through 5.0.4...
CVE-2023-26267
php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXML_DTDLOAD | \LIBXML_DTDATTR...
CVE-2025-24749
Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solutions LTD EZPZ SAML SP Single Sign On (SSO) allows Cross Site Request Forgery. This issue affects EZPZ SAML SP Single Sign On (SSO): from n/a through 1.2.5...
CVE-2025-24749
Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solutions LTD EZPZ SAML SP Single Sign On (SSO) allows Cross Site Request Forgery. This issue affects EZPZ SAML SP Single Sign On (SSO): from n/a through 1.2.5...
CVE-2025-24749
CVE-2025-24749 affects the WordPress plugin EZPZ SAML SP Single Sign On (SSO) for versions 1.2.5 and earlier. The provided documents describe a CSRF vulnerability in this plugin, with PatchStack and CVE listings also noting a CSRF to Stored XSS vector. Root cause details are not explicitly enumer...
CVE-2025-24749 WordPress EZPZ SAML SP Single Sign On (SSO) plugin <= 1.2.5 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solutions LTD EZPZ SAML SP Single Sign On (SSO) allows Cross Site Request Forgery. This issue affects EZPZ SAML SP Single Sign On (SSO): from n/a through 1.2.5...
CVE-2025-24749 WordPress EZPZ SAML SP Single Sign On (SSO) plugin <= 1.2.5 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solutions LTD EZPZ SAML SP Single Sign On (SSO) allows Cross Site Request Forgery. This issue affects EZPZ SAML SP Single Sign On (SSO): from n/a through 1.2.5...
CVE-2023-41873
Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SAML SP Single Sign On: from n/a through 5.0.4...
WordPress plugin SAML SP Single Sign On security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
WordPress EZPZ SAML SP Single Sign On (SSO) plugin <= 1.2.5 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin EZPZ SAML SP Single Sign On (SSO) versions <= 1.2.5...
WordPress SAML SP Single Sign On Plugin <= 5.0.4 is vulnerable to Broken Access Control
Software: SAML SP Single Sign On; Type: Plugin; Vulnerable versions: <= 5.0.4; Fixed in: 5.0.5; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-41873; Patch priority: Low; CVSS severity: Low (4.3); PSID: 3a9125d095f6; Credits: Abdi Pranata; Required...
CVE-2023-26267
php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXML_DTDLOAD | \LIBXML_DTDATTR...
XXE
php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXML_DTDLOAD | \LIBXML_DTDATTR...
CVE-2023-26267
php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXML_DTDLOAD | \LIBXML_DTDATTR...
CVE-2023-26267
php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXML_DTDLOAD | \LIBXML_DTDATTR...
php-saml-sp code issue vulnerability
php-saml-sp is a SAML Service Provider (SP). SAML authentication can be used from existing PHP applications. A security vulnerability exists in php-saml-sp versions prior to 2.1.1 (2.x) and prior to 1.1.1 (1.x), which originated from a vulnerability that allows arbitrary files to be read as...