CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

576 matches found

NVD•added 2026/05/18 8:16 p.m.•6 views

CVE-2025-65954

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the...

6.1CVSS0.00009EPSS

Exploits1References3

Vulnrichment•added 2026/05/18 7:57 p.m.•5 views

CVE-2025-65954 SimpleSAMLphp-casserver has an Open Redirect vulnerability via logout

4.7CVSS5.8AI score0.00009EPSS

Exploits1References3

ATTACKERKB•added 2026/05/18 7:57 p.m.•3 views

CVE-2025-65954

4.7CVSS5.8AI score0.00009EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/05/18 7:57 p.m.•26 views

CVE-2025-65954 SimpleSAMLphp-casserver has an Open Redirect vulnerability via logout

4.7CVSS0.00009EPSS

Exploits1References3

EUVD•added 2026/05/18 7:57 p.m.•4 views

EUVD-2025-209889

4.7CVSS5.8AI score0.00009EPSS

Exploits1References3

CNNVD•added 2026/05/18 12:0 a.m.•4 views

SimpleSAMLphp-casserver 输入验证错误漏洞

SimpleSAMLphp-casserver is an open-source CAS protocol-compatible single-signpoint login server module developed by SimpleSAMLphp. Versions prior to 6.3.1 and 7.0.0 of SimpleSAMLphp-casserver contained a vulnerability related to input validation errors. This vulnerability occurred because the...

6.1CVSS5.8AI score0.00009EPSS

Exploits1References1

Github Security Blog•added 2026/05/15 6:7 p.m.•8 views

SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion

Summary simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controlled ticket identifier. Public CAS validation/proxy endpoints pass attacker-controlled ticket / pgt query parameters into...

5.8AI score

Exploits0References2Affected Software1

OSV•added 2026/05/15 6:7 p.m.•2 views

GHSA-JRRG-99XH-5J2Q SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion

8.6CVSS5.8AI score

Exploits0References2

OSV•added 2026/05/15 4:21 p.m.•1 views

GHSA-CVRM-5HP6-H523 SimpleSAMLphp casserver: Open Redirect in logout

Summary The logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the browser there, or shows a "you've been logged out" page with a link to continue to that url. There are a number of other things broke...

4.7CVSS5.8AI score0.00009EPSS

Exploits1References6

Snyk•added 2026/05/15 4:21 p.m.•9 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via the logout process. An attacker can redirect users to arbitrary external websites by supplying a crafted url parameter. This is only exploitable if the configuration option enablelogout is set to true, and is most...

6.1CVSS6AI score0.00009EPSS

Exploits1References2

Circl•added 2026/05/14 10:42 p.m.•1 views

CVE-2025-65954

creationtimestamp| type| source ---|---|--- 2026-05-14 22:42:35+00:00| published-proof-of-concept| https://github.com/simplesamlphp/simplesamlphp-module-casserver/security/advisories/GHSA-cvrm-5hp6-h523...

6.1CVSS5.8AI score0.00009EPSS

Exploits1References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2012-0931

Malware in sbrugna...

4.3CVSS6.1AI score0.00475EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2013-4411

Malware in sbrugna...

7.5CVSS6.4AI score0.00478EPSS

Exploits0References4