CVE-2025-64131

CVE-2025-64131 concerns the Jenkins SAML Plugin (versions up to 4.583.vc68232f7018a_ and earlier) not implementing a replay cache for SAML authentication flow. The absence of a replay cache allows an attacker who can observe the SAML exchange to replay requests and authenticate as the target user...

CVE-2025-58075 Arbitrary Mattermost Team can be joined by manipulating the SAML RelayState

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState...

EUVD-2025-34655

When the BIG-IP system is configured as both a Security Assertion Markup Language SAML service provider SP and Identity Provider IdP, with single logout SLO enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...

CVE-2025-47148

CVE-2025-47148 affects BIG-IP with APM/SSL Orchestrator when configured as both SAML SP and IdP with SLO enabled; undisclosed requests can cause memory resource exhaustion, leading to DoS on the BIG-IP data plane. F5’s October 2025 security bundle K000156572 provides fixes across multiple branche...

CVE-2025-47148 BIG-IP APM and SSL Orchestrator vulnerability

When the BIG-IP system is configured as both a Security Assertion Markup Language SAML service provider SP and Identity Provider IdP, with single logout SLO enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...

CVE-2025-25252

An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4 all versions may allow a remote attacker e.g. a former admin whose account was removed and whose session was terminated in possessi...

CVE-2025-25252

This CVE (CVE-2025-25252) concerns an Insufficient Session Expiration (CWE-613) in FortiOS SSL VPN across multiple major releases, allowing a remote attacker with a valid SAML session record (e.g., a former admin) to access or reopen that session via re-use of the SAML record. A public POC exists...

CVE-2025-25252

An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4 all versions may allow a remote attacker e.g. a former admin whose account was removed and whose session was terminated in possessi...

EUVD-2019-10242

Malware in sbrugna...

EUVD-2016-1566

Malware in sbrugna...

EUVD-2023-45151

Malicious code in bioql PyPI...

EUVD-2022-39706

Malicious code in bioql PyPI...

EUVD-2025-31336

Malicious code in bioql PyPI...

EUVD-2025-29019

Malicious code in bioql PyPI...

EUVD-2025-24824

Malicious code in bioql PyPI...

CVE-2024-58267

A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancher’s authentication tokens...

Vulnerabilities fixed in GitLab CE/EE

GitLab has fixed vulnerabilities in GitLab CE/EE Versions for 18.1.6, 18.2.6, and 18.3.2. The vulnerabilities in the affected versions allow authenticated users to manipulate token management, disrupt background tasks, send multiple large SAML responses, manipulate proxy environments, access...

CVE-2025-2256 Improper Validation of Specified Quantity in Input in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 7.12 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed unauthorized users to render the GitLab instance unresponsive to legitimate users by sending multiple concurrent large SAML responses...

GitLab CE和EE 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE and EE versions 7.12 up to and including...

Linux Distros Unpatched Vulnerability : CVE-2021-43999

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicio...