37 matches found

RedhatCVE
added 2026/01/09 10:42 a.m., 3 views

CVE-2022-26155

An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body...

CVSS 6.1, AI score 6, EPSS 0.00317
Exploits 0, References 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-13486

Malware in sbrugna...

CVSS 9, AI score 7.7, EPSS 0.00403
Exploits 0, References 8
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2024-3414

Malicious code in bioql PyPI...

CVSS 8.8, AI score 6.3, EPSS 0.00218
Exploits 0, References 5
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-30721

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.4, EPSS 0.00317
Exploits 0, References 2
Veracode
added 2025/03/17 4:59 a.m., 5 views

Signature Confusion Attack

simplesamlphp/saml2 is vulnerable to a Signature Confusion Attack. The vulnerability is due to improper validation in the HTTP-Redirect binding, which allows an attacker with any signed SAMLResponse to trick the application into accepting an unsigned message...

CVSS 8.6, AI score 6.5, EPSS 0.00157
Exploits 0, References 7, Affected software 2
OSV
added 2025/03/11 7:23 p.m., 7 views

GHSA-46R4-F8GJ-XG56 The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding

Summary There's a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. I believe that it exists for v4 only. I have not yet developed a PoC. V5 is well designed and...

CVSS 8.6, AI score 8.5, EPSS 0.00157
Exploits 0, References 7
Github Security Blog
added 2024/12/02 5:25 p.m., 29 views

SimpleSAMLphp SAML2 has an XXE in parsing SAML messages

Summary When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. $options is defined as: https://github.com/simplesamlphp/saml2/blob/717c0adc4877ebd58428637e5626345e59fa0109/src/SAML2/DOMDocumentFactory.php#L41 including the DTDLoad option, which allows...

CVSS 8.3, AI score 8, EPSS 0.00183
Exploits 0, References 4, Affected software 2
NVD
added 2024/12/02 5:15 p.m., 14 views

CVE-2024-52806

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...

CVSS 8.3, EPSS 0.00183
Exploits 0, References 2
NVD
added 2024/12/02 5:15 p.m., 10 views

CVE-2024-52596

SimpleSAMLphp xml-common is a library of common classes for handling XML structures. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0...

CVSS 8.8, EPSS 0.00218
Exploits 0, References 3
OSV
added 2024/12/02 5:15 p.m., 0 views

UBUNTU-CVE-2024-52806

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...

CVSS 8.3, AI score 5.8, EPSS 0.00183
Exploits 0, References 5
Github Security Blog
added 2024/12/02 5:14 p.m., 25 views

SimpleSAMLphp xml-common XXE vulnerability

Summary When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. $options is defined as: https://github.com/simplesamlphp/xml-common/blob/v1.19.0/src/DOMDocumentFactory.php#L39 including the DTDLoad option, which allows an attacker to read file contents...

CVSS 8.8, AI score 5.9, EPSS 0.00218
Exploits 0, References 5, Affected software 1
OSV
added 2024/12/02 5:14 p.m., 13 views

GHSA-2X65-FPCH-2FCM SimpleSAMLphp xml-common XXE vulnerability

Summary When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. $options is defined as: https://github.com/simplesamlphp/xml-common/blob/v1.19.0/src/DOMDocumentFactory.php#L39 including the DTDLoad option, which allows an attacker to read file contents...

CVSS 8.8, AI score 7.9, EPSS 0.00218
Exploits 0, References 5
OSV
added 2024/12/02 4:24 p.m., 4 views

CVE-2024-52596 SimpleSAMLphp xml-common XXE vulnerability

SimpleSAMLphp xml-common is a library of common classes for handling XML structures. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0...

CVSS 8.8, AI score 6.5, EPSS 0.00218
Exploits 0, References 5
CVE
added 2024/12/02 4:24 p.m., 69 views

CVE-2024-52596

The CVE-2024-52596 entry concerns SimpleSAMLphp xml-common, where loading an untrusted XML document (e.g., a SAMLResponse) can trigger an XXE. Root cause: parsing with LIBXML_DTDLOAD/LIBXML_DTDATTR enabled allows reading local files or internal resources. The vulnerability affects SimpleSAMLphp x...

CVSS 8.8, AI score 6.4, EPSS 0.00218
Exploits 0, References 3
Debian CVE
added 2024/12/02 4:24 p.m., 14 views

CVE-2024-52596

SimpleSAMLphp xml-common is a library of common classes for handling XML structures. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0...

CVSS 8.8, AI score 5.2, EPSS 0.00218
Exploits 0
Cvelist
added 2024/12/02 4:24 p.m., 16 views

CVE-2024-52596 SimpleSAMLphp xml-common XXE vulnerability

SimpleSAMLphp xml-common is a library of common classes for handling XML structures. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0...

CVSS 8.8, EPSS 0.00218
Exploits 0, References 2
Saint
added 2023/02/17 12:00 a.m., 223 views

Zoho ManageEngine ServiceDesk Plus SAMLResponse command execution

Added: 02/17/2023 Background Zoho ManageEngine ServiceDesk Plus is IT helpdesk software. Problem A vulnerability in an outdated Apache Santuario library in ServiceDesk Plus allows a remote, unauthenticated attacker to execute arbitrary commands by sending a specially crafted SAMLResponse paramete...

CVSS 9.8, AI score 10, EPSS 0.94378
Exploits 15
0day.today
added 2023/02/13 12:00 a.m., 536 views

ManageEngine ADSelfService Plus Unauthenticated SAML Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine ADSelfService Plus versions 6210 and below. Due to a dependency on an outdated library, Apache Santuario version 1.4.1, it is possible to execute arbitrary code by providing a...

CVSS 9.8, AI score 9.8, EPSS 0.94378
Exploits 15
NVD
added 2022/02/28 4:15 p.m., 6 views

CVE-2022-26155

An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body...

CVSS 6.1, EPSS 0.00317
Exploits 0, References 2