PT-2026-42587

Summary samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elements inside the signed assertion. The IdP then signs the tampered asserti...

PT-2026-29814

Name of the Vulnerable Software and Affected Versions NocoBase versions prior to 2.0.30 Description NocoBase is an AI-powered no-code/low-code platform. The plugin-workflow-sql component, in versions up to 2.0.8, directly substitutes template variables into raw SQL strings using getParsedValue...