Unsigned SAML LogoutRequest Acceptance in gosaml2

Summary The ValidateEncodedLogoutRequestPOST function in gosaml2 accepts completely unsigned SAML LogoutRequest messages even when SkipSignatureValidation is set to false. When validateElementSignature returns dsig.ErrMissingSignature, the code in decodelogoutrequest.go:60-62 silently falls throu...

GHSA-PCGW-QCV5-H8CH Unsigned SAML LogoutRequest Acceptance in gosaml2

Summary The ValidateEncodedLogoutRequestPOST function in gosaml2 accepts completely unsigned SAML LogoutRequest messages even when SkipSignatureValidation is set to false. When validateElementSignature returns dsig.ErrMissingSignature, the code in decodelogoutrequest.go:60-62 silently falls throu...

CVE-2025-47148

When the BIG-IP system is configured as both a Security Assertion Markup Language SAML service provider SP and Identity Provider IdP, with single logout SLO enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...

EUVD-2025-34655

When the BIG-IP system is configured as both a Security Assertion Markup Language SAML service provider SP and Identity Provider IdP, with single logout SLO enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...

CVE-2025-47148

When the BIG-IP system is configured as both a Security Assertion Markup Language SAML service provider SP and Identity Provider IdP, with single logout SLO enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...

CVE-2025-47148

When the BIG-IP system is configured as both a Security Assertion Markup Language SAML service provider SP and Identity Provider IdP, with single logout SLO enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...

CVE-2025-47148

CVE-2025-47148 affects BIG-IP with APM/SSL Orchestrator when configured as both SAML SP and IdP with SLO enabled; undisclosed requests can cause memory resource exhaustion, leading to DoS on the BIG-IP data plane. F5’s October 2025 security bundle K000156572 provides fixes across multiple branche...

CVE-2025-47148 BIG-IP APM and SSL Orchestrator vulnerability

When the BIG-IP system is configured as both a Security Assertion Markup Language SAML service provider SP and Identity Provider IdP, with single logout SLO enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...

CVE-2025-47148 BIG-IP APM and SSL Orchestrator vulnerability

When the BIG-IP system is configured as both a Security Assertion Markup Language SAML service provider SP and Identity Provider IdP, with single logout SLO enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have...

F5 Networks BIG-IP : BIG-IP APM and SSL Orchestrator vulnerability (K000148816)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6.1 / 17.1.3 / 17.5.1. It is, therefore, affected by a vulnerability as referenced in the K000148816 advisory. When the BIG-IP system is configured as both a Security Assertion Markup Language SAML service...

EUVD-2020-27088

Malware in sbrugna...

EUVD-2022-4320

Malicious code in bioql PyPI...

GHSA-RPX3-F938-XJ5Q Liferay Portal and DXP does not properly expire sessions

Summary Liferay Portal/DXP contains an Insufficient Session Expiration issue where the Single Logout SLO API may fail to invalidate a user’s previous session. An attacker can reuse a stale session via the SLO endpoint to gain an authenticated context. Affected Versions The following platform...

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the SpSessionTerminationSamlPortalFilter. An attacker can gain unauthorized access to user accounts by reusing old session tokens via the SLO API, causing the session to be reinitialized when it should...

Liferay Portal and DXP does not properly expire sessions

Summary Liferay Portal/DXP contains an Insufficient Session Expiration issue where the Single Logout SLO API may fail to invalidate a user’s previous session. An attacker can reuse a stale session via the SLO endpoint to gain an authenticated context. Affected Versions The following platform...

CVE-2025-43819

A Insufficient Session Expiration vulnerability in the Liferay Portal 7.4.3.121 through 7.3.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, and 2024.Q1.1 through 2024.Q1.12 is allow an remote non-authenticated attacker to reuse old...

CVE-2025-43819

A Insufficient Session Expiration vulnerability in the Liferay Portal 7.4.3.121 through 7.3.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, and 2024.Q1.1 through 2024.Q1.12 is allow an remote non-authenticated attacker to reuse old...

CVE-2025-43819

A Insufficient Session Expiration vulnerability in the Liferay Portal 7.4.3.121 through 7.3.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, and 2024.Q1.1 through 2024.Q1.12 is allow an remote non-authenticated attacker to reuse old...

CVE-2025-43819

CVE-2025-43819 affects Liferay Portal (7.3.3.131–7.4.3.121) and Liferay DXP (2024.Q1.1–Q4.3 across 2024.Q1–Q4). Root cause is Insufficient Session Expiration via the SLO API, allowing remote, unauthenticated attackers to reuse a stale session and gain an authenticated context. Impact is potential...

Liferay Portal和Liferay DXP 代码问题漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...