RedhatCVE
added 2025/03/13 10:24 p.m., 10 views

CVE-2025-27773

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

CVSS 8.6, AI score 6.7, EPSS 0.00296
Exploits 0, References 1
Snyk
added 2025/03/11 7:44 p.m., 3 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature through the HTTPRedirect binding process. An attacker can manipulate the message processing by appending a malicious SAMLRequest in front of a valid SAMLResponse, leading to the applicati...

CVSS 8.6, AI score 6.9, EPSS 0.00296
Exploits 0, References 2
OSV
added 2025/03/11 7:23 p.m., 8 views

GHSA-46R4-F8GJ-XG56 The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding

Summary There's a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. I believe that it exists for v4 only. I have not yet developed a PoC. V5 is well designed and...

CVSS 8.6, AI score 8.5, EPSS 0.00296
Exploits 0, References 7
Github Security Blog
added 2025/03/11 7:23 p.m., 17 views

The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding

Summary There's a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. I believe that it exists for v4 only. I have not yet developed a PoC. V5 is well designed and...

CVSS 8.6, AI score 6.8, EPSS 0.00296
Exploits 0, References 7, Affected Software 2
NVD
added 2025/03/11 7:15 p.m., 35 views

CVE-2025-27773

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

CVSS 8.6, EPSS 0.00296
Exploits 0, References 5
OSV
added 2025/03/11 7:15 p.m., 3 views

DEBIAN-CVE-2025-27773

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

CVSS 8.6, AI score 5.4, EPSS 0.00296
Exploits 0, References 1
Vulnrichment
added 2025/03/11 7:4 p.m., 10 views

CVE-2025-27773 SimpleSAMLphp SAML2 library has incorrect signature verification for HTTP-Redirect binding

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

CVSS 8.6, AI score 8.5, EPSS 0.00296
Exploits 0, References 4
CVE
added 2025/03/11 7:4 p.m., 99 views

CVE-2025-27773

CVE-2025-27773 affects the SimpleSAMLphp SAML2 library. A signature confusion attack exists in the HTTPRedirect binding where an attacker who has any signed SAMLResponse can cause the application to accept an unsigned message. This impacts versions prior to 4.17.0 and 5.0.0-alpha.20. The issue is...

CVSS 8.6, AI score 6.9, EPSS 0.00296
Exploits 0, References 5
Cvelist
added 2025/03/11 7:4 p.m., 30 views

CVE-2025-27773 SimpleSAMLphp SAML2 library has incorrect signature verification for HTTP-Redirect binding

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

CVSS 8.6, EPSS 0.00296
Exploits 0, References 4
Positive Technologies
added 2025/03/11 12:0 a.m., 2 views

PT-2025-10892

Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp SAML2 library versions prior to 4.17.0 and 5.0.0-alpha.20. Description: The issue is related to a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can...

CVSS 8.6, AI score 6.2, EPSS 0.00296
Exploits 0, References 25
RedhatCVE
added 2025/02/05 12:21 p.m., 5 views

CVE-2024-52806

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...

CVSS 8.3, AI score 6.6, EPSS 0.00406
Exploits 0, References 1
Veracode
added 2025/01/06 9:1 a.m., 12 views

XML External Entity (XXE) Injection

simplesamlphp is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to improper handling of untrusted XML input, which allows attackers to exploit maliciously crafted XML documents, such as SAMLResponse, to access sensitive information or perform other malicious activities...

CVSS 8.3, AI score 7.1, EPSS 0.00406
Exploits 0, References 4, Affected Software 5
Veracode
added 2024/12/11 12:29 a.m., 3 views

XML External Entity

simplesamlphp/xml-common is vulnerable to XML External Entity (XXE). The vulnerability is due to improper handling of untrusted XML input during document parsing, which allows an attacker to exploit external entity references to access sensitive data or perform denial-of-service attacks...

CVSS 8.8, AI score 5.6, EPSS 0.00966
Exploits 0, References 5, Affected Software 2
OpenVAS
added 2024/12/03 12:0 a.m., 10 views

Debian: Security Advisory (DSA-5822-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8, AI score 6.6, EPSS 0.00966
Exploits 0, References 2
OpenVAS
added 2024/12/03 12:0 a.m., 13 views

Debian: Security Advisory (DLA-3981-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8, AI score 6.6, EPSS 0.00966
Exploits 0, References 2
OSV
added 2024/12/02 8:0 p.m., 9 views

GHSA-J5G2-Q29X-CW3H SimpleSAMLphp vulnerable to XXE in parsing SAML messages

Withdrawn Advisory This advisory has been withdrawn because the vulnerability affects users of the SimpleSAMLphp tarball, not the SimpleSAMLphp Composer package. The underlying information about CVE-2024-52596 is still valid. Original Description Summary When loading an untrusted XML document, fo...

CVSS 8.3, AI score 8, EPSS 0.00966
Exploits 0, References 4
OSV
added 2024/12/02 5:25 p.m., 19 views

GHSA-PXM4-R5PH-Q2M2 SimpleSAMLphp SAML2 has an XXE in parsing SAML messages

Summary When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. $options is defined as: https://github.com/simplesamlphp/saml2/blob/717c0adc4877ebd58428637e5626345e59fa0109/src/SAML2/DOMDocumentFactory.php#L41 including the DTDLoad option, which allows...

CVSS 8.3, AI score 8, EPSS 0.00406
Exploits 0, References 4
NVD
added 2024/12/02 5:15 p.m., 10 views

CVE-2024-52596

SimpleSAMLphp xml-common provides common classes for handling XML structures. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0...

CVSS 8.8, EPSS 0.00966
Exploits 0, References 3
OSV
added 2024/12/02 5:15 p.m., 1 view

DEBIAN-CVE-2024-52806

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...

CVSS 8.3, AI score 5.3, EPSS 0.00406
Exploits 0, References 1
OSV
added 2024/12/02 5:15 p.m., 1 view

DEBIAN-CVE-2024-52596

SimpleSAMLphp xml-common provides common classes for handling XML structures. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0...

CVSS 8.8, AI score 5.3, EPSS 0.00966
Exploits 0, References 1