CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

517 matches found

Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery

The Shibboleth Identity Provider OIDC OP plugin before 3.0.4 is vulnerable to server-side request forgery SSRF due to insufficient restriction of the requesturi parameter, which allows attackers to interact with arbitrary third-party HTTP services. id: CVE-2022-24129 info: name: Shibboleth OIDC O...

8.2CVSS7.4AI score0.06139EPSS

Exploits1References5

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux – Vulnerability in xmltooling

Shibboleth XMLTooling before version 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allowed SSRF through a specially crafted KeyInfo element. This issue has been fixed, for example, in Shibboleth Service Provider 3.4.1.3 on Windows...

7.5CVSS7.7AI score0.0296EPSS

Exploits3References1

Tenable Nessus•added 2026/01/15 12:0 a.m.•4 views

Shibboleth SSO Open Redirect

Shibboleth Service Provider SP contains an open redirect vulnerability. An attacker can exploit this vulnerability to redirect users to malicious websites, potentially leading to phishing attacks or other malicious activities. This issue arises when the 'redirectLimit' configuration option is not...

6.9AI score

Exploits0References1

RedhatCVE•added 2026/01/09 11:25 a.m.•5 views

CVE-2021-28963

Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters...

5.3CVSS7.1AI score0.01294EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:24 a.m.•4 views

CVE-2021-31826

Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable for a daemon crash on systems not using this feature if a crafted cookie is supplied...

7.5CVSS6.8AI score0.02EPSS

Exploits1References1