24 matches found

The Hacker News
added 2026/02/18 7:40 a.m. · 22 views

Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware

Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest. The version 8.9.2 update incorporates what maintainer Don Ho calls a "double lock" design th...

CVSS 7.7 · AI score 7.1 · EPSS 0.0609
Exploits 1
RedhatCVE
added 2026/02/11 7:30 a.m. · 3 views

CVE-2026-23687

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive...

CVSS 8.8 · AI score 5.5 · EPSS 0.00019
Exploits 0 · References 1
OSV
added 2026/02/10 4:16 a.m. · 0 views

CVE-2026-23687

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive...

CVSS 8.8 · AI score 5.8 · EPSS 0.00019
Exploits 0 · References 2
NVD
added 2026/02/10 4:16 a.m. · 3 views

CVE-2026-23687

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive...

CVSS 8.8 · EPSS 0.00019
Exploits 0 · References 2
NVD
added 2026/02/06 7:16 p.m. · 5 views

CVE-2025-69212

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M signed XML file decoding functionality. An authenticated attacker can upload a ZIP file containing a .p7m file with a...

CVSS 9.4 · EPSS 0.00133
Exploits 3 · References 1
Positive Technologies
added 2026/02/06 12:00 a.m. · 2 views

PT-2026-6767

Name of the Vulnerable Software and Affected Versions OpenSTAManager versions 2.9.8 and earlier Description OpenSTAManager is susceptible to a critical OS Command Injection issue in the P7M signed XML file decoding functionality. An authenticated attacker can upload a ZIP file containing a...

CVSS 9.4 · AI score 6.7 · EPSS 0.00133
Exploits 3 · References 9
Github Security Blog
added 2025/05/19 10:33 p.m. · 30 views

samlify SAML Signature Wrapping attack

A Signature Wrapping attack has been found in samlify v2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider...

CVSS 9.9 · AI score 6.7 · EPSS 0.00185
Exploits 0 · References 4 · Affected Software 1
Veracode
added 2025/03/20 8:31 a.m. · 9 views

XML Signature Bypass

xml-crypto is vulnerable to an XML Signature Bypass. The vulnerability is due to improper validation of signed XML structures, allowing an attacker to modify a signed XML message while still passing signature verification checks...

CVSS 9.3 · AI score 6.5 · EPSS 0.00197
Exploits 1 · References 8 · Affected Software 1
Veracode
added 2025/03/20 8:06 a.m. · 10 views

XML Signature Manipulation

xml-crypto is vulnerable to an XML signature manipulation. The vulnerability is due to improper validation of signed XML documents, which allows an attacker to modify a signed XML message while still passing signature verification checks...

CVSS 9.3 · AI score 6.5 · EPSS 0.00472
Exploits 0 · References 9 · Affected Software 1
CNNVD
added 2025/03/14 12:00 a.m. · 2 views

xml-crypto data forgery vulnerability

NPM xml-crypto is a digital signature and encryption library from NPM. A security vulnerability exists in xml-crypto version 6.0.0 and earlier that stems from bypassing authentication or authorization mechanisms, allowing an attacker to modify valid signed XML messages...

CVSS 9.3 · AI score 8.2 · EPSS 0.00197
Exploits 1 · References 10
CNNVD
added 2025/03/14 12:00 a.m. · 1 view

NPM xml-crypto data forgery vulnerability

NPM xml-crypto is a digital signature and cryptography library from NPM. A security vulnerability exists in NPM xml-crypto version 6.0.0 and earlier that stems from bypassing authentication or authorization mechanisms, allowing an attacker to modify valid signed XML messages...

CVSS 9.3 · AI score 8.2 · EPSS 0.00472
Exploits 0 · References 10
Prion
added 2022/10/13 10:15 p.m. · 10 views

Authentication flaw

node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the...

CVSS 5.1 · AI score 8.2 · EPSS 0.00153
Exploits 0 · References 2 · Affected Software 1
CVE
added 2022/10/13 12:00 a.m. · 128 views

CVE-2022-39300

CVE-2022-39300 affects node-saml (SAML 2.0 library used with passport-saml). Reports consistently describe a signature-bypass vulnerability where a remote attacker can bypass SAML authentication by manipulating an arbitrary IDP signed XML element, potentially enabling unauthenticated access depen...

CVSS 8.1 · AI score 8 · EPSS 0.00153
Exploits 0 · References 2 · Affected Software 1
NVD
added 2022/10/12 9:15 p.m. · 22 views

CVE-2022-39299

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML elemen...

CVSS 8.1 · EPSS 0.04646
Exploits 1 · References 3
Cvelist
added 2022/10/12 12:00 a.m. · 17 views

CVE-2022-39299 Signature bypass via multiple root elements in Passport-SAML

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML elemen...

CVSS 7.4 · AI score 9.2 · EPSS 0.04646
Exploits 1 · References 3
Positive Technologies
added 2022/10/12 12:00 a.m. · 3 views

PT-2022-24883 · Unknown +1 · Passport-Saml +1

Name of the Vulnerable Software and Affected Versions: node-saml versions prior to 4.0.0-beta5 Description: A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML...

CVSS 8.1 · AI score 8.2 · EPSS 0.00153
Exploits 0 · References 7
OSV
added 2021/06/23 5:29 p.m. · 26 views

GHSA-4HQ8-GMXX-H6W9 XML Processing error in github.com/crewjam/saml

Impact There are three vulnerabilities in the go encoding/xml package that can allow an attacker to forge part of a signed XML document. For details on this vulnerability see xml-roundtrip-validator Patches In version 0.4.3, all XML input is validated prior to being parsed...

CVSS 9.8 · AI score 9.4 · EPSS 0.07544
Exploits 1 · References 11
Microsoft KB
added 2017/01/19 9:07 p.m. · 122 views

MS16-035: Security update for the .NET Framework to address security feature bypass

Resolves a vulnerability in the Microsoft .NET Framework. The security feature bypass exists in a .NET Framework component that does not properly validate certain elements of a signed XML document. October 11, 2016: Revised bulletin to announce that security updates 3135994 and 3135995 for the...

CVSS 10 · AI score 9.1 · EPSS 0.32646
Exploits 0
Microsoft KB
added 2017/01/07 12:00 a.m. · 28 views

MS16-035: Description of the security update for the .NET Framework 4.5.2 in Windows Server 2012: March 8, 2016

MS16-035: Description of the security update for the .NET Framework 4.5.2 in Windows Server 2012: March 8, 2016. October 11, 2016: This security update has been re-released to the Windows Server Update Services (WSUS) channel because of an offering issue that may have affected some WSUS customers who had...

AI score 6.4
Exploits 0
CNVD
added 2016/03/09 12:00 a.m. · 3 views

Microsoft .NET Framework XML Validation Security Feature Bypass Vulnerability

Microsoft .NET Framework is a comprehensive and consistent programming model developed by Microsoft Corporation (USA) and a development platform for building Windows, Windows Store, Windows Phone, Windows Server, and Microsoft Azure...

CVSS 10 · AI score 6.7 · EPSS 0.32646
Exploits 0 · References 1