
23 matches found

NVD
added 2026/01/28 12:15 p.m. · 3 views

CVE-2025-14386

The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generatessourl' and 'validatessotoken' functions in versions 2.4.4 to 2.5.12. This makes it...

CVSS 8.8 · EPSS 0.00167
Exploits 0 · References 4
CVE
added 2026/01/28 11:23 a.m. · 15 views

CVE-2025-14386

The CVE-2025-14386 entry concerns the WordPress plugin “Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization” (versions 2.4.4–2.5.12). Connected sources confirm a missing capability check in generate_sso_url and validate_sso_token, enabling authentication...

CVSS 8.8 · AI score 5.9 · EPSS 0.00167
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-1657

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.03653
Exploits 0 · References 3
RedhatCVE
added 2025/05/23 2:24 a.m. · 3 views

CVE-2023-34230

snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecti...

CVSS 8.8 · AI score 7.8 · EPSS 0.03653
Exploits 0 · References 1
NVD
added 2024/05/27 11:15 a.m. · 7 views

CVE-2024-36383

An issue was discovered in Logpoint SAML Authentication before 6.0.3. An attacker can place a crafted filename in the state field of a SAML SSO-URL response, and the file corresponding to this filename will ultimately be deleted. This can lead to a SAML Authentication login outage...

CVSS 5.3 · AI score 6.4 · EPSS 0.00212
Exploits 0 · References 1
Cvelist
added 2024/05/27 10:58 a.m. · 16 views

CVE-2024-36383

An issue was discovered in Logpoint SAML Authentication before 6.0.3. An attacker can place a crafted filename in the state field of a SAML SSO-URL response, and the file corresponding to this filename will ultimately be deleted. This can lead to a SAML Authentication login outage...

AI score 6.4 · EPSS 0.00212
Exploits 0 · References 1
CVE
added 2024/05/27 10:58 a.m. · 90 views

CVE-2024-36383

Vulnerability summary: Logpoint SAML Authentication before 6.0.3 is affected by an issue where an attacker can place a crafted filename in the state field of a SAML SSO URL response, leading to deletion of the corresponding file and a SAML login outage. This affects Logpoint SAML Authentication p...

CVSS 5.3 · AI score 6.7 · EPSS 0.00212
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/05/27 12:0 a.m. · 3 views

PT-2024-3950 · Logpoint · Logpoint Saml Authentication

Name of the Vulnerable Software and Affected Versions: Logpoint SAML Authentication versions prior to 6.0.3. Description: An issue in Logpoint SAML Authentication allows an attacker to place a crafted filename in the state field of a SAML SSO-URL response. This can lead to the deletion of the file...

CVSS 9.4 · AI score 7.6 · EPSS 0.00212
Exploits 0 · References 5
OSV
added 2023/06/09 10:40 p.m. · 18 views

GHSA-223G-8W3X-98WR Snowflake Connector .Net Command Injection

Issue: Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake .NET driver via SSO URL authentication. Impacted driver package: snowflake-connector-net. Impacted version range: before Version 2.0.18. Attack Scenario: In order to exploit the potential fo...

CVSS 7.3 · AI score 8.3 · EPSS 0.03653
Exploits 0 · References 3
Github Security Blog
added 2023/06/09 10:40 p.m. · 19 views

Snowflake Connector .Net Command Injection

Issue: Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake .NET driver via SSO URL authentication. Impacted driver package: snowflake-connector-net. Impacted version range: before Version 2.0.18. Attack Scenario: In order to exploit the potential fo...

CVSS 8.8 · AI score 7.8 · EPSS 0.03653
Exploits 0 · References 3 · Affected Software 1
Snyk
added 2023/06/09 7:23 a.m. · 1 views

Arbitrary Command Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Command Injection via single sign-on (SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecting use...

CVSS 8.8 · AI score 8 · EPSS 0.03653
Exploits 0 · References 2
NVD
added 2023/06/08 9:15 p.m. · 10 views

CVE-2023-34230

snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecti...

CVSS 8.8 · AI score 8 · EPSS 0.03653
Exploits 0 · References 1
OSV
added 2023/06/08 8:29 p.m. · 13 views

CVE-2023-34230 Snowflake Connector vulnerable to Command Injection

snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecti...

CVSS 7.3 · AI score 8.9 · EPSS 0.03653
Exploits 0 · References 3
Vulnrichment
added 2023/06/08 8:29 p.m. · 8 views

CVE-2023-34230 Snowflake Connector vulnerable to Command Injection

snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecti...

CVSS 7.3 · AI score 8.9 · EPSS 0.03653
Exploits 0 · References 1
Cvelist
added 2023/06/08 8:29 p.m. · 13 views

CVE-2023-34230 Snowflake Connector vulnerable to Command Injection

snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious resource and (2) redirecti...

CVSS 7.3 · AI score 9.2 · EPSS 0.03653
Exploits 0 · References 1
CVE
added 2023/06/08 8:29 p.m. · 53 views

CVE-2023-34230

CVE-2023-34230 affects the Snowflake Connector for .NET (snowflake-connector-net) prior to version 2.0.18. The underlying issue is a command injection vulnerability via SSO URL authentication. An attacker would need to: (1) establish a malicious resource and (2) persuade a user to use a crafted c...

CVSS 8.8 · AI score 8.3 · EPSS 0.03653
Exploits 0 · References 1 · Affected Software 1
OSV
added 2023/06/08 8:17 p.m. · 20 views

CVE-2023-34232 Snowflake NodeJS Driver vulnerable to Command Injection

snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicio...

CVSS 7.3 · AI score 8.9 · EPSS 0.00554
Exploits 0 · References 6
Positive Technologies
added 2023/05/18 12:0 a.m. · 2 views

PT-2023-3207 · Snowflake · Snowflake-Connector-Nodejs

Name of the Vulnerable Software and Affected Versions: snowflake-connector-nodejs versions prior to 1.6.21. Description: The issue is related to a command injection vulnerability via single sign on (SSO) browser URL authentication. An attacker would need to establish a malicious resource and redirec...

CVSS 8.8 · AI score 8.6 · EPSS 0.00554
Exploits 0 · References 12
Veracode
added 2023/04/19 8:22 a.m. · 32 views

Command Injection

net.snowflake:snowflake-jdbc is vulnerable to Command Injection. The vulnerability exists due to improper input sanitization in the openBrowser function of SessionUtilExternalBrowser.java. An attacker is able to set up a malicious server to respond to an SSO URL with a malicious payload, leading...

CVSS 8.8 · AI score 8.8 · EPSS 0.02136
Exploits 0 · References 6 · Affected Software 1
Vulnrichment
added 2023/04/14 7:30 p.m. · 7 views

CVE-2023-30535 Snowflake JDBC vulnerable to command injection via SSO URL authentication

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java programs to connect to Snowflake. Users of the Snowflake JDBC driver were vulnerable to a command injection vulnerability. An attacker could set up a malicious, publicly accessible server which responds to...

CVSS 7.3 · AI score 9 · EPSS 0.02136
Exploits 0 · References 2