
14 matches found

OSV · added 2026/05/29 10:01 p.m. · 7 views

GHSA-XG76-5QJ2-2HHV Admidio: CSRF in SSO client `enable` action toggles SAML/OIDC clients without token validation

Summary modules/sso/clients.php validates an admcsrftoken on every state-changing branch except enable. The enable case loads the SAML or OIDC client by UUID, calls $client->enable($enabled), and persists the new state with no token check. Because the action is reachable via plain GET parameters, a...

CVSS 5.4 · AI score 5.8 · EPSS 0.00016
Exploits 0 · References 2
Positive Technologies · added 2026/05/29 12:00 a.m. · 12 views

PT-2026-45039

Summary modules/sso/clients.php validates an adm csrf token on every state-changing branch except enable. The enable case loads the SAML or OIDC client by UUID, calls $client->enable($enabled), and persists the new state with no token check. Because the action is reachable via plain GET parameters, ...

CVSS 5.4 · AI score 5.8 · EPSS 0.00016
Exploits 0 · References 3
CVE · added 2026/03/05 6:28 p.m. · 23 views

CVE-2026-3047

A flaw in Keycloak’s SAML broker (org.keycloak.broker.saml) allows a disabled SAML client, when configured as an IdP-initiated broker landing target, to complete the login flow and establish an SSO session. This can let a remote attacker access other enabled clients without re-authenticating, eff...

CVSS 8.8 · AI score 5.9 · EPSS 0.00459
Exploits 0 · References 6 · Affected Software 2
ATTACKERKB · added 2026/03/05 6:28 p.m. · 5 views

CVE-2026-3047

A flaw was found in org.keycloak.broker.saml. When a disabled Security Assertion Markup Language (SAML) client is configured as an Identity Provider (IdP)-initiated broker landing target, it can still complete the login process and establish a Single Sign-On (SSO) session. This allows a remote attacker...

CVSS 8.8 · AI score 5.9 · EPSS 0.00459
Exploits 0 · References 7
EUVD · added 2025/10/03 8:07 p.m. · 26 views

EUVD-2024-1164

Malicious code in bioql PyPI...

CVSS 6 · AI score 6 · EPSS 0.00711
Exploits 0 · References 10
CNNVD · added 2024/04/25 12:00 a.m. · 1 view

Red Hat Keycloak cross-site scripting vulnerability

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A cross-site scripting vulnerability exists in Red Hat Keycloak, which stems from a flaw found in SAML client registration that could allow an...

CVSS 6 · AI score 6 · EPSS 0.00711
Exploits 0 · References 9
Positive Technologies · added 2024/04/16 12:00 a.m. · 8 views

PT-2024-5147 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS),...

CVSS 6.8 · AI score 5.8 · EPSS 0.00711
Exploits 0 · References 18
CNNVD · added 2022/12/28 12:00 a.m. · 4 views

go-saml data forgery vulnerability

go-saml is a good enough SAML client library written in Go open-sourced by Robots and Pencils. A security vulnerability exists in go-saml. An attacker exploits the vulnerability to create inputs that cause hash conflicts based on control over the inputs...

CVSS 5.3 · AI score 5.8 · EPSS 0.00296
Exploits 0 · References 3
vulnersOsv · added 2022/05/17 3:56 a.m. · 5 views

cloud.genesys:web-messaging-sdk (>=3.0.0 <=5.0.0), com.adobe.cq.commerce:cq-commerce-core (>=5.6.0 <=5.13.18) +119 more potentially affected by CVE-2013-5679 via org.owasp.esapi:esapi (=2.0.1)

org.owasp.esapi:esapi MAVEN version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.owasp.esapi:esapi and may be impacted: - cloud.genesys:web-messaging-sdk =3.0.0, =5.6.0, =2.0.54, =5.6.2, =1.0.36, =1.0.24, =5.5.4, =1.0.0, =5.6.4, =1.0.8,...

CVSS 2.6 · AI score 5.8 · EPSS 0.02426
Exploits 1
vulnersOsv · added 2022/05/13 1:05 a.m. · 3 views

com.coveo:saml-client (>=3.0.0 <=4.0.3), com.cybersource:cybersource-sdk-java (>=6.0.1 <=6.1.0) +203 more potentially affected by CVE-2014-8152 via org.apache.santuario:xmlsec (>=2.0.0 <=2.0.2)

org.apache.santuario:xmlsec MAVEN version =2.0.0, =3.0.0, =6.0.1, =0.0.1, =4.0.1 - com.googlecode.xades4j:xades4j =1.3.2 - com.helger:ph-ebinterface =3.1.0 and more Source cves: CVE-2014-8152 Source advisory: OSV:GHSA-W7CQ-J9P9-HM3M...

CVSS 5 · AI score 5.8 · EPSS 0.05639
Exploits 0
Veracode · added 2019/09/20 2:53 a.m. · 19 views

XML External Entities (XXE)

saml-client is vulnerable to XML external entities (XXE). The vulnerability exists as DISALLOWDOCTYPEDECLFEATURE was not enabled when creating the DOMParser object...

AI score 4
Exploits 0
Tenable Nessus · added 2018/11/14 12:00 a.m. · 30 views

RHEL 7 : Red Hat Single Sign-On 7.2.5 on RHEL 7 (RHSA-2018:3593)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3593 advisory. Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

CVSS 8.1 · AI score 6.5 · EPSS 0.01194
Exploits 0 · References 14
RedHat Linux · added 2018/11/13 6:15 p.m. · 469 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.2.5 on RHEL 6 security and bug fix update

New Red Hat Single Sign-On 7.2.5 packages are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 8.1 · AI score 6.3 · EPSS 0.01194
Exploits 0 · References 7
RedHat Linux · added 2018/11/13 6:15 p.m. · 5 views

keycloak: auth permitted with expired certs in SAML client

It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks...

CVSS 5.5 · AI score 5.8 · EPSS 0.00352
Exploits 0 · References 4