
8 matches found

IBM Security Bulletins
added 2026/06/08 3:54 p.m., 4 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to Missing XML Validation CVE-2026-1190

Summary: Keycloak is used by the IBM Datapower Operations Dashboard as part of their IAM and SSO implementation. Vulnerability Details: CVEID: CVE-2026-1190. DESCRIPTION: A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup...

3.1 CVSS, 5.4 AI score, 0.00023 EPSS
Exploits: 0, Affected Software: 1
NVD
added 2026/05/28 5:16 p.m., 9 views

CVE-2026-9098

In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnRequest previously issued by Casdoor. Additionally, if an administrator disables or deletes an IdP...

9.1 CVSS, 0.00024 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/05/07 12:0 a.m., 5 views

Admidio Data Forgery Vulnerability

Admidio is an open-source member management system developed by the Admidio team. It supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a data manipulation vulnerability. This vulnerability stemm...

8.2 CVSS, 5.7 AI score, 0.00009 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/11/05 2:56 p.m., 6 views

CVE-2025-46784

A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerabili...

7.5 CVSS, 0.00142 EPSS
Exploits: 1, References: 1
RedHat Linux
added 2021/05/20 12:45 p.m., 4 views

keycloak: Backchannel logout not working when Principal Type is set to Attribute Name for external SAML IDP

A flaw was found in Keycloak where Keycloak may fail to log out the user session if the logout request comes from an external SAML identity provider and Principal Type is set to Attribute Name...

7.1 CVSS, 5.7 AI score, 0.00052 EPSS
Exploits: 0, References: 4
CNVD
added 2020/10/27 12:0 a.m., 1 views

Juniper Networks Mist Cloud UI Input Validation Error Vulnerability (CNVD-2020-64788)

Juniper Networks Mist Cloud is a platform from the US company Juniper Networks that simplifies cloud management and helps users prevent vendor and complexity lock-in. It provides cost and utilization reporting, RBAC, management, provisioning, orchestration, monitoring and automation for servers across public and...

7.2 CVSS, 6.8 AI score, 0.00176 EPSS
Exploits: 0, References: 1
CNVD
added 2020/06/22 12:0 a.m., 2 views

Mattermost Server Input Validation Error Vulnerability (CNVD-2020-48226)

Mattermost Server is an open source messaging platform from the US company Mattermost. An input validation error vulnerability exists in Mattermost Server versions prior to 4.7.0, prior to 4.6.2, and prior to 4.5.2, which stems from the program's failure to enforce the expiration date...

8.8 CVSS, 6.7 AI score, 0.00511 EPSS
Exploits: 0, References: 1
CNVD
added 2015/11/19 12:0 a.m., 2 views

Apache CXF SAML Web SSO Module Authentication Bypass Vulnerability

Apache CXF is an open source services framework for building and developing services using front-end programming APIs such as JAX-WS and JAX-RS. A security vulnerability in the SAML Web SSO module of Apache CXF allows remote attackers to bypass authentication by constructing specially craft...

4 CVSS, 8.4 AI score, 0.00336 EPSS
Exploits: 0, References: 1