GHSA-RCMW-7MC7-3RJ7 Sentry's improper authentication on SAML SSO process allows user identity linking

Impact A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via Sentry's private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the sa...

CVE-2026-20102

Cisco Secure Firewall ASA and Cisco Secure Firewall Threat Defense (FTD) are affected by CVE-2026-20102, a reflected XSS in the SAML 2.0 SSO feature caused by insufficient input validation of multiple HTTP parameters. An unauthenticated, remote attacker could lure a user to a malicious link to ex...

CVE-2022-23600

fleet is an open source device management, built on osquery. Versions prior to 4.9.1 expose a limited ability to spoof SAML authentication with missing audience verification. This impacts deployments using SAML SSO in two specific cases: 1. A malicious or compromised Service Provider SP could reu...

CVE-2025-32975

Quest KACE Systems Management Appliance SMA 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 Patch 5, and 14.1.x before 14.1.101 Patch 4 contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid...

CVE-2023-32993

Jenkins SAML Single Sign OnSSO Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections...

CVE-2025-25292

ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely...

CVE-2025-23363

A vulnerability has been identified in Teamcenter V14.1 All versions, Teamcenter V14.2 All versions, Teamcenter V14.3 All versions V14.3.0.14, Teamcenter V2312 All versions V2312.0010, Teamcenter V2406 All versions V2406.0008, Teamcenter V2412 All versions V2412.0004. The SSO login service of...

CVE-2023-44445

NETGEAR CAX30 SSO Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw...

Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking

A critical security vulnerability has been disclosed in the Open Authorization OAuth implementation of the application development framework Expo.io. The shortcoming, assigned the CVE identifier CVE-2023-28131, has a severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs...

CVE-2022-4496 miniOrange WordPress SAML SSO multiple versions - Open Redirect in SSO login

The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 before 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 before 20.0.7 does not validate that the redirect parameter to its SSO login endpoint points to an...

CVE-2022-36076 Account takeover via SSO plugins in NodeBB

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added and later checked a nonce was inadvertently rendered opt-i...

Design/Logic Flaw

In zulip before 1.3.12, deactivated users could access messages if SSO was enabled...

Shopify: Email Confirmation Bypass in your-store.myshopify.com which leads to privilege escalation

Hello Shopify, I have found a bug by which I can verify any email on .myshopify.com, the bug is very strange but it works. Also I can take over the accounts but only the ones which do not have SSO. To reproduce please follow the steps exactly as I written otherwise you will not be able to reprodu...

Design/Logic Flaw

The ssoutil program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process...