78 matches found
CVE-2026-9098
Casdoor versions up to 2.362.0 expose a SAML flaw: the /api/acs callback accepts any well-formed SAMLResponse without tying it to a prior AuthnRequest. If an administrator disables or deletes an IdP during a flow, the handler still uses the initial provider snapshot, enabling unsolicited SAML res...
CVE-2026-9093
In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/samlsp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects...
CVE-2026-25922
authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when using a SAML Source that has the option Verify Assertion Signature under Verification Certificate enabled and not Verify Response Signature, or does not have the Encryption Certificate setting under...
MiracleLinux 8 : grafana-7.3.6-2.el8 (AXSA:2021-2087:03)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2087:03 advisory. crewjam/saml: authentication bypass in saml authentication CVE-2020-27846 grafana: XSS via a query alias for the Elasticsearch and Testdata datasour...
CVE-2022-37011
A vulnerability has been identified in Mendix SAML Mendix 7 compatible All versions V1.17.0, Mendix SAML Mendix 8 compatible All versions V2.3.0, Mendix SAML Mendix 9 compatible, New Track All versions V3.3.1, Mendix SAML Mendix 9 compatible, Upgrade Track All versions V3.3.0. Affected versions o...
CVE-2023-29129
A vulnerability has been identified in Mendix SAML Mendix 7 compatible All versions = V1.17.3 = V1.16.4 = V2.3.0 = V2.2.0 = V3.3.1 = V3.1.9 = V3.3.0 = V3.1.8 = V3.3.1 = V3.3.0 = V3.1.9 = V3.1.8 V3.2.6. The affected versions of the module insufficiently verify the SAML assertions. This could allow...
CVE-2025-46784
A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this...
EUVD-2015-5328
Malware in sbrugna...
EUVD-2018-0667
Malware in sbrugna...
EUVD-2021-1267
Malware in sbrugna...
EUVD-2018-0357
Malware in sbrugna...
EUVD-2019-0579
Malware in sbrugna...
EUVD-2020-0157
Malware in sbrugna...
EUVD-2019-0585
Malware in sbrugna...
EUVD-2014-6471
Malware in sbrugna...
EUVD-2022-2997
Malicious code in bioql PyPI...
EUVD-2021-30858
Malicious code in bioql PyPI...
EUVD-2022-39668
Malicious code in bioql PyPI...
EUVD-2024-2513
Malicious code in bioql PyPI...
EUVD-2022-49605
Malicious code in bioql PyPI...