CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

513 matches found

Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery

The Shibboleth Identity Provider OIDC OP plugin before 3.0.4 is vulnerable to server-side request forgery SSRF due to insufficient restriction of the requesturi parameter, which allows attackers to interact with arbitrary third-party HTTP services. id: CVE-2022-24129 info: name: Shibboleth OIDC O...

8.2CVSS7.6AI score0.22831EPSS

Exploits1References5

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в xmltooling

Shibboleth XMLTooling before version 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allowed SSRF through a specially crafted KeyInfo element. This issue has been fixed, for example, in Shibboleth Service Provider 3.4.1.3 on Windows...

7.5CVSS7.2AI score0.60666EPSS

Exploits3References1

Tenable Nessus•added 2026/01/15 12:0 a.m.•3 views

Shibboleth SSO Open Redirect

Shibboleth Service Provider SP contains an open redirect vulnerability. An attacker can exploit this vulnerability to redirect users to malicious websites, potentially leading to phishing attacks or other malicious activities. This issue arises when the 'redirectLimit' configuration option is not...

6.9AI score

Exploits0References1

RedhatCVE•added 2026/01/09 11:25 a.m.•3 views

CVE-2021-28963

Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters...

5.3CVSS7.1AI score0.00488EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:24 a.m.•3 views

CVE-2021-31826

Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable for a daemon crash on systems not using this feature if a crafted cookie is supplied...

7.5CVSS6.8AI score0.01478EPSS

Exploits1References1